Joe Sandbox Cloud Basic Analysis Report
Create Interactive Tour

Analysis Report BingWallpaper.exe

Overview

General Information

Sample Name:BingWallpaper.exe
Analysis ID:348563
MD5:333ed21e54075cf3cf19be8c38c6f122
SHA1:f4b3b4324d594bdd76c27baee8730db3b07495a2
SHA256:2256580eed80d1262369169185bd9412062d0cb0d1aff219625aec76ca3ed5fb
Tags:exe

Most interesting Screenshot:

Detection

Score:21
Range:0 - 100
Whitelisted:false
Confidence:40%

Compliance

Score:32
Range:0 - 100

Signatures

Binary contains a suspicious time stamp
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality which may be used to detect a debugger (GetProcessHeap)
DLL planting / hijacking vulnerabilities found
Detected potential crypto function
Drops PE files
Enables debug privileges
Found dropped PE file which has not been started or loaded
Found potential string decryption / allocating functions
PE file contains an invalid checksum
PE file contains executable resources (Code or Archives)
PE file contains strange resources
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Tries to load missing DLLs
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious

Analysis Advice

Sample drops PE files which have not been started, submit dropped PE samples for a secondary analysis to Joe Sandbox
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Sample tries to load a library which is not present or installed on the analysis machine, adding the library might reveal more behavior



Startup

  • System is w10x64
  • BingWallpaper.exe (PID: 6124 cmdline: 'C:\Users\user\Desktop\BingWallpaper.exe' MD5: 333ED21E54075CF3CF19BE8C38C6F122)
    • StartupInstaller.exe (PID: 6584 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe MD5: 6D82A313035A9A8A9475FC95DBAA791C)
      • BWInstaller.exe (PID: 3716 cmdline: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe MD5: 15103A2F376A076B4BB4D4EAC83CA1E6)
  • rundll32.exe (PID: 6440 cmdline: 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\' MD5: 73C519F050C20580F8A62C849D49215A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Signature Overview

  • Privilege Escalation
  • Compliance
  • Spreading
  • Networking
  • System Summary
  • Data Obfuscation
  • Persistence and Installation Behavior
  • Hooking and other Techniques for Hiding and Protection
  • Malware Analysis System Evasion
  • Anti Debugging
  • HIPS / PFW / Operating System Protection Evasion
  • Language, Device and Operating System Detection

Click to jump to signature section

Show All Signature Results
Source: C:\Users\user\Desktop\BingWallpaper.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\BingWallpaper.exeDLL: Cabinet.dllJump to behavior

Compliance:

barindex
DLL planting / hijacking vulnerabilities found
Source: C:\Users\user\Desktop\BingWallpaper.exeDLL: VERSION.dllJump to behavior
Source: C:\Users\user\Desktop\BingWallpaper.exeDLL: Cabinet.dllJump to behavior
Uses 32bit PE files
Source: BingWallpaper.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
PE / OLE file has a valid certificate
Source: BingWallpaper.exeStatic PE information: certificate valid
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: BingWallpaper.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: wextract.pdb source: BingWallpaper.exe
Source: Binary string: wextract.pdbGCTL source: BingWallpaper.exe
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\DefaultSetup.pdb source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: BWInstaller.exe, Newtonsoft.Json.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWCCustomProgressBar_DLL\BWCProgressBar\obj\Release\BWCProgressBar.pdb source: BWCProgressBar.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Applications\BingWallpaperApp\Release\DispatchQueue.pdb source: BWInstaller.exe, 00000003.00000002.1059932691.000000006E6FB000.00000002.00020000.sdmp, DispatchQueue.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWCCustomProgressBar_DLL\BWCProgressBar\obj\Release\BWCProgressBar.pdbL2f2 X2_CorDllMainmscoree.dll source: BWCProgressBar.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWInstaller\obj\Release\BWInstaller.pdbhc source: BWInstaller.exe.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWInstaller\obj\Release\BWInstaller.pdb source: BWInstaller.exe, BWInstaller.exe.0.dr
Source: Binary string: D:\SRR\VSTS\Repos\BingGrowthApps\Installers\StartupInstaller\Release\StartupInstaller.pdb source: BingWallpaper.exe, 00000000.00000003.660836495.0000000003393000.00000004.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp, StartupInstaller.exe.0.dr
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\BrowserDefMgr.pdb source: BWInstaller.exe, 00000003.00000002.1059320588.000000006A42D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\BrowserDefMgr.pdbG source: BWInstaller.exe, 00000003.00000002.1059320588.000000006A42D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: BWInstaller.exe, 00000003.00000002.1048003292.0000000005312000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: BWCInstaller.msi.0.dr
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E7EFF FindFirstFileExW,2_2_008E7EFF
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: BWInstaller.exe, 00000003.00000002.1041680291.00000000009F5000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://james.newtonking.com/projects/json
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://ocsp.digicert.com0C
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://ocsp.digicert.com0K
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://ocsp.digicert.com0N
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: http://ocsp.digicert.com0O
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.ascendercorp.com/typedesigners.htmlF
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.com
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.carterandcone.comA
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com#
Source: BWInstaller.exe, 00000003.00000003.674202067.0000000006419000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comF
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comals
Source: BWInstaller.exe, 00000003.00000003.674749443.0000000006416000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comalsT
Source: BWInstaller.exe, 00000003.00000003.674202067.0000000006419000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comcom
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comcomF:
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comd
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comdO
Source: BWInstaller.exe, 00000003.00000003.674435412.0000000006416000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comditaF
Source: BWInstaller.exe, 00000003.00000003.674435412.0000000006416000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comed
Source: BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comto
Source: BWInstaller.exe, 00000003.00000002.1049674828.0000000006400000.00000004.00000001.sdmpString found in binary or memory: http://www.fontbureau.comu
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000003.672572133.0000000006403000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: BWInstaller.exe, 00000003.00000003.672514975.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cnht
Source: BWInstaller.exe, 00000003.00000003.674921775.0000000006418000.00000004.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: BWInstaller.exe, 00000003.00000003.674971932.0000000006412000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/#
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp//Bo
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/:
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/F
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/O
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/U
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/fr-f:
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/h
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/F
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/jp/y
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/p
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/r
Source: BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/y
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drString found in binary or memory: http://www.mozilla.org/2006/browser/search/
Source: BWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
Source: BWInstaller.exe, 00000003.00000003.671123526.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comed
Source: BWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comed.
Source: BWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comril
Source: BWInstaller.exe, 00000003.00000003.671123526.0000000006436000.00000004.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.comt
Source: BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
Source: BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.digicert.com/CPS0
Source: BWInstaller.exe, BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpString found in binary or memory: https://www.microsoftnews.com/?pc=__PARAM__&ocid=MNHP___PARAM__
Source: BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1044219004.0000000002D33000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.
Source: BWInstaller.exe, 00000003.00000002.1041680291.00000000009F5000.00000004.00000020.sdmp, BWInstaller.exe, 00000003.00000002.1043944761.0000000002CD4000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?pc=W069&ocid=MSNHP_W069
Source: BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?pc=__PARAM_
Source: BWInstaller.exe, 00000003.00000002.1042640530.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?pc=__PARAM__
Source: BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?pc=__PARAM__&amp&ocid=MSNHP___PARAM__
Source: BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmp, BWInstaller.exe.config.0.drString found in binary or memory: https://www.msn.com/?pc=__PARAM__&ocid=MSNHP___PARAM__
Source: BWInstaller.exe, BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpString found in binary or memory: https://www.msn.com/?pc=__PARAM__&ocid=MSNHP___PARAM__
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: BWInstaller.exe, Newtonsoft.Json.dll.0.drString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E11502_2_008E1150
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008EDE9D2_2_008EDE9D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: String function: 008E2E60 appears 33 times
Source: BingWallpaper.exeStatic PE information: Resource name: RT_RCDATA type: Microsoft Cabinet archive data, 8428269 bytes, 9 files
Source: BingWallpaper.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BingWallpaper.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BingWallpaper.exeStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BWInstaller.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
Source: BingWallpaper.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUI< vs BingWallpaper.exe
Source: BingWallpaper.exeBinary or memory string: OriginalFilenameWEXTRACT.EXE .MUID vs BingWallpaper.exe
Source: C:\Users\user\Desktop\BingWallpaper.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeSection loaded: sfc.dllJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeSection loaded: sfc.dllJump to behavior
Source: BingWallpaper.exeStatic PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: BWInstaller.exe.0.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: classification engineClassification label: sus21.winEXE@6/9@0/0
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeFile created: C:\Users\user\AppData\Local\Microsoft\DispatcherJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeMutant created: \Sessions\1\BaseNamedObjects\// {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMPJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCommand line argument: Release2_2_008E1160
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCommand line argument: open2_2_008E1160
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCommand line argument: L%u2_2_008E1160
Source: BingWallpaper.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
Source: C:\Users\user\Desktop\BingWallpaper.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
Source: unknownProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name=='sqlite_sequence';
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: SELECT 'INSERT INTO vacuum_db.' || quote(name) || ' SELECT * FROM main.' || quote(name) || ';'FROM main.sqlite_master WHERE type = 'table' AND name!='sqlite_sequence' AND coalesce(rootpage,1)>0
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.drBinary or memory string: SELECT 'DELETE FROM vacuum_db.' || quote(name) || ';' FROM vacuum_db.sqlite_master WHERE name='sqlite_sequence'
Source: unknownProcess created: C:\Users\user\Desktop\BingWallpaper.exe 'C:\Users\user\Desktop\BingWallpaper.exe'
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
Source: unknownProcess created: C:\Windows\System32\rundll32.exe 'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'
Source: C:\Users\user\Desktop\BingWallpaper.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeProcess created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
Source: BingWallpaper.exeStatic PE information: certificate valid
Source: initial sampleStatic PE information: Valid certificate with Microsoft Issuer
Source: BingWallpaper.exeStatic file information: File size 8585112 > 1048576
Source: BingWallpaper.exeStatic PE information: Raw size of .rsrc is bigger than: 0x100000 < 0x825600
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: BingWallpaper.exeStatic PE information: GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Source: BingWallpaper.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: wextract.pdb source: BingWallpaper.exe
Source: Binary string: wextract.pdbGCTL source: BingWallpaper.exe
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\DefaultSetup.pdb source: BWInstaller.exe, 00000003.00000002.1059360269.000000006A44D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: BWInstaller.exe, Newtonsoft.Json.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWCCustomProgressBar_DLL\BWCProgressBar\obj\Release\BWCProgressBar.pdb source: BWCProgressBar.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Applications\BingWallpaperApp\Release\DispatchQueue.pdb source: BWInstaller.exe, 00000003.00000002.1059932691.000000006E6FB000.00000002.00020000.sdmp, DispatchQueue.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWCCustomProgressBar_DLL\BWCProgressBar\obj\Release\BWCProgressBar.pdbL2f2 X2_CorDllMainmscoree.dll source: BWCProgressBar.dll.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWInstaller\obj\Release\BWInstaller.pdbhc source: BWInstaller.exe.0.dr
Source: Binary string: D:\Ramesh\VSTS\BingGrowthApps\Installers\BWInstaller\BWInstaller\obj\Release\BWInstaller.pdb source: BWInstaller.exe, BWInstaller.exe.0.dr
Source: Binary string: D:\SRR\VSTS\Repos\BingGrowthApps\Installers\StartupInstaller\Release\StartupInstaller.pdb source: BingWallpaper.exe, 00000000.00000003.660836495.0000000003393000.00000004.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp, StartupInstaller.exe.0.dr
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\BrowserDefMgr.pdb source: BWInstaller.exe, 00000003.00000002.1059320588.000000006A42D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: D:\SRR\VSTS\3.4Release\Applications\DefaultOffer\Release\BrowserDefMgr.pdbG source: BWInstaller.exe, 00000003.00000002.1059320588.000000006A42D000.00000002.00020000.sdmp, BrowserDefMgr.dll.0.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: BWInstaller.exe, 00000003.00000002.1048003292.0000000005312000.00000002.00020000.sdmp, Newtonsoft.Json.dll.0.dr
Source: Binary string: C:\agent\_work\8\s\build\ship\x86\SfxCA.pdb source: BWCInstaller.msi.0.dr

Data Obfuscation:

barindex
Binary contains a suspicious time stamp
Source: initial sampleStatic PE information: 0xB9387306 [Thu Jun 21 06:07:02 2068 UTC]
Source: BingWallpaper.exeStatic PE information: real checksum: 0x83a213 should be: 0x83d75f
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E2EA4 push ecx; ret 2_2_008E2EB6
Source: initial sampleStatic PE information: section name: .text entropy: 7.3471242257
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\DispatchQueue.dllJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BrowserDefMgr.dllJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeFile created: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCProgressBar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Windows\System32\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
Source: C:\Users\user\Desktop\BingWallpaper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dllJump to dropped file
Source: C:\Users\user\Desktop\BingWallpaper.exeDropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCProgressBar.dllJump to dropped file
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E7EFF FindFirstFileExW,2_2_008E7EFF
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess information queried: ProcessInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E2C07 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008E2C07
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E8F88 mov eax, dword ptr fs:[00000030h]2_2_008E8F88
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E676D mov eax, dword ptr fs:[00000030h]2_2_008E676D
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008EA01F GetProcessHeap,2_2_008EA01F
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeProcess token adjusted: DebugJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E2D9A SetUnhandledExceptionFilter,2_2_008E2D9A
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E24AE SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,2_2_008E24AE
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E2C07 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008E2C07
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E5B6B IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,2_2_008E5B6B
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeMemory allocated: page read and write | page guardJump to behavior
Source: BingWallpaper.exe, 00000000.00000002.1044481186.0000000003800000.00000002.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041618109.0000000001600000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1042150260.0000000000FC0000.00000002.00000001.sdmpBinary or memory string: Program Manager
Source: BingWallpaper.exe, 00000000.00000002.1044481186.0000000003800000.00000002.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041618109.0000000001600000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1042150260.0000000000FC0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
Source: BingWallpaper.exe, 00000000.00000002.1044481186.0000000003800000.00000002.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041618109.0000000001600000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1042150260.0000000000FC0000.00000002.00000001.sdmpBinary or memory string: Progman
Source: BingWallpaper.exe, 00000000.00000002.1044481186.0000000003800000.00000002.00000001.sdmp, StartupInstaller.exe, 00000002.00000002.1041618109.0000000001600000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1042150260.0000000000FC0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exeCode function: 2_2_008E2EB8 cpuid 2_2_008E2EB8
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ARIALN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ariblk.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ARIALNI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ARIALNB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ARIALNBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibril.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\consola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\consolai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\consolab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\consolaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRAHVIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\gadugi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\seguiemj.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LEELAWAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\WINGDNG2.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\WINGDNG3.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TEMPSITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PRISTINA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PAPYRUS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MISTRAL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LHANDW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRSCRIPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\OUTLOOK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MTCORSVA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOTHICI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuii.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoeuiz.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arial.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\ariali.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arialbd.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\arialbi.ttf VolumeInformationJump to behavior
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformationJump to behavior
Source: C:\Users\user\Desktop\BingWallpaper.exeCode function: 0_2_00867105 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,0_2_00867105
Source: C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
Valid AccountsCommand and Scripting Interpreter2DLL Side-Loading1Process Injection2Masquerading1OS Credential DumpingSystem Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
Default AccountsScheduled Task/JobDLL Search Order Hijacking1DLL Side-Loading1Disable or Modify Tools1LSASS MemorySecurity Software Discovery2Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothJunk DataExploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
Domain AccountsAt (Linux)Logon Script (Windows)DLL Search Order Hijacking1Process Injection2Security Account ManagerProcess Discovery2SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationSteganographyExploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Deobfuscate/Decode Files or Information1NTDSFile and Directory Discovery1Distributed Component Object ModelInput CaptureScheduled TransferProtocol ImpersonationSIM Card SwapCarrier Billing Fraud
Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptObfuscated Files or Information3LSA SecretsSystem Information Discovery24SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
Replication Through Removable MediaLaunchdRc.commonRc.commonRundll321Cached Domain CredentialsSystem Owner/User DiscoveryVNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
External Remote ServicesScheduled TaskStartup ItemsStartup ItemsSoftware Packing2DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobTimestomp1Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)DLL Side-Loading1/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)DLL Search Order Hijacking1Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 348563 Sample: BingWallpaper.exe Startdate: 04/02/2021 Architecture: WINDOWS Score: 21 24 Binary contains a suspicious time stamp 2->24 7 BingWallpaper.exe 1 11 2->7         started        10 rundll32.exe 2->10         started        process3 file4 16 C:\Users\user\...\StartupInstaller.exe, PE32 7->16 dropped 18 C:\Users\user\AppData\...18ewtonsoft.Json.dll, PE32 7->18 dropped 20 C:\Users\user\AppData\...\DispatchQueue.dll, PE32 7->20 dropped 22 3 other files (none is malicious) 7->22 dropped 12 StartupInstaller.exe 7->12         started        process5 process6 14 BWInstaller.exe 1 6 12->14         started       

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
BingWallpaper.exe0%MetadefenderBrowse
BingWallpaper.exe0%ReversingLabs

Dropped Files

SourceDetectionScannerLabelLink
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCProgressBar.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCProgressBar.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe0%ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BrowserDefMgr.dll3%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\BrowserDefMgr.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\DispatchQueue.dll3%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\DispatchQueue.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll0%ReversingLabs
C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe0%MetadefenderBrowse
C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe0%ReversingLabs

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/F0%Avira URL Cloudsafe
http://www.fontbureau.comalsT0%Avira URL Cloudsafe
http://www.tiro.com0%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.tiro.com0%URL Reputationsafe
http://www.ascendercorp.com/typedesigners.htmlF0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp//Bo0%Avira URL Cloudsafe
http://www.sajatypeworks.comed0%Avira URL Cloudsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.goodfont.co.kr0%URL Reputationsafe
http://www.carterandcone.com0%URL Reputationsafe
http://www.carterandcone.com0%URL Reputationsafe
http://www.carterandcone.com0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.sajatypeworks.com0%URL Reputationsafe
http://www.founder.com.cn/cnht0%Avira URL Cloudsafe
http://www.typography.netD0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.typography.netD0%URL Reputationsafe
http://www.carterandcone.comA0%Avira URL Cloudsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.founder.com.cn/cn/cThe0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/:0%Avira URL Cloudsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://www.galapagosdesign.com/staff/dennis.htm0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
http://fontfabrik.com0%URL Reputationsafe
http://www.fontbureau.comcom0%URL Reputationsafe
http://www.fontbureau.comcom0%URL Reputationsafe
http://www.fontbureau.comcom0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
http://www.fontbureau.comed0%Avira URL Cloudsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.sandoll.co.kr0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/#0%Avira URL Cloudsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.urwpp.deDPlease0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.zhongyicts.com.cn0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.sakkal.com0%URL Reputationsafe
http://www.galapagosdesign.com/0%URL Reputationsafe
http://www.galapagosdesign.com/0%URL Reputationsafe
http://www.galapagosdesign.com/0%URL Reputationsafe
http://www.fontbureau.comF0%URL Reputationsafe
http://www.fontbureau.comF0%URL Reputationsafe
http://www.fontbureau.comF0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/U0%Avira URL Cloudsafe
https://www.msn.0%Avira URL Cloudsafe
http://www.sajatypeworks.comt0%URL Reputationsafe
http://www.sajatypeworks.comt0%URL Reputationsafe
http://www.sajatypeworks.comt0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/O0%Avira URL Cloudsafe
http://www.sajatypeworks.comril0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/F0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/F0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/F0%URL Reputationsafe
http://www.fontbureau.comto0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/jp/0%URL Reputationsafe
http://www.fontbureau.comd0%URL Reputationsafe
http://www.fontbureau.comd0%URL Reputationsafe
http://www.fontbureau.comd0%URL Reputationsafe
http://www.fontbureau.comcomF:0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/jp/y0%Avira URL Cloudsafe
http://james.newtonking.com/projects/json0%URL Reputationsafe
http://james.newtonking.com/projects/json0%URL Reputationsafe
http://james.newtonking.com/projects/json0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.carterandcone.coml0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/y0%Avira URL Cloudsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.founder.com.cn/cn0%URL Reputationsafe
http://www.fontbureau.comdO0%Avira URL Cloudsafe
http://www.sajatypeworks.comed.0%Avira URL Cloudsafe
http://www.jiyu-kobo.co.jp/r0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/r0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/r0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/p0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/p0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/p0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/0%URL Reputationsafe
http://www.jiyu-kobo.co.jp/0%URL Reputationsafe

Domains and IPs

Contacted Domains

No contacted domains info
NameSourceMaliciousAntivirus DetectionReputation
http://www.fontbureau.com/designersGBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
    		high
    http://www.fontbureau.com/designers/?BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
      		high
      http://www.founder.com.cn/cn/bTheBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
      • URL Reputation: safe
      • URL Reputation: safe
      • URL Reputation: safe
      		unknown
      http://www.jiyu-kobo.co.jp/jp/FBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
      • Avira URL Cloud: safe
      		unknown
      http://www.fontbureau.com/designers?BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
        		high
        https://www.msn.com/?pc=__PARAM__BWInstaller.exe, 00000003.00000002.1042640530.0000000002901000.00000004.00000001.sdmpfalse
          		high
          https://www.msn.com/?pc=__PARAM__&ocid=MSNHP___PARAM__BWInstaller.exe, BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpfalse
            		high
            http://www.fontbureau.comalsTBWInstaller.exe, 00000003.00000003.674749443.0000000006416000.00000004.00000001.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://www.tiro.comBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            https://www.msn.com/?pc=__PARAM_BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpfalse
              		high
              https://www.newtonsoft.com/jsonNewtonsoft.Json.dll.0.drfalse
                		high
                http://www.ascendercorp.com/typedesigners.htmlFBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.jiyu-kobo.co.jp//BoBWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.sajatypeworks.comedBWInstaller.exe, 00000003.00000003.671123526.0000000006436000.00000004.00000001.sdmpfalse
                • Avira URL Cloud: safe
                		unknown
                http://www.fontbureau.com/designersBWInstaller.exe, 00000003.00000003.674202067.0000000006419000.00000004.00000001.sdmpfalse
                  		high
                  http://www.goodfont.co.krBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.carterandcone.comBWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                  • URL Reputation: safe
                  • URL Reputation: safe
                  • URL Reputation: safe
                  		unknown
                  http://www.fontbureau.com#BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                    		high
                    http://www.sajatypeworks.comBWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.founder.com.cn/cnhtBWInstaller.exe, 00000003.00000003.672514975.0000000006436000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.typography.netDBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.carterandcone.comABWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.founder.com.cn/cn/cTheBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.jiyu-kobo.co.jp/:BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.galapagosdesign.com/staff/dennis.htmBWInstaller.exe, 00000003.00000003.674971932.0000000006412000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://fontfabrik.comBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.comcomBWInstaller.exe, 00000003.00000003.674202067.0000000006419000.00000004.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.galapagosdesign.com/DPleaseBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                    • URL Reputation: safe
                    • URL Reputation: safe
                    • URL Reputation: safe
                    		unknown
                    http://www.fontbureau.comedBWInstaller.exe, 00000003.00000003.674435412.0000000006416000.00000004.00000001.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.fonts.comBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                      		high
                      http://www.sandoll.co.krBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.jiyu-kobo.co.jp/#BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.urwpp.deDPleaseBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.zhongyicts.com.cnBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      http://www.sakkal.comBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                      • URL Reputation: safe
                      • URL Reputation: safe
                      • URL Reputation: safe
                      		unknown
                      https://www.msn.com/?pc=__PARAM__&amp;ocid=MSNHP___PARAM__BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmp, BWInstaller.exe.config.0.drfalse
                        		high
                        https://www.msn.com/?pc=__PARAM__&amp&ocid=MSNHP___PARAM__BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpfalse
                          		high
                          http://www.apache.org/licenses/LICENSE-2.0BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                            		high
                            http://www.fontbureau.comBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                              		high
                              http://www.galapagosdesign.com/BWInstaller.exe, 00000003.00000003.674921775.0000000006418000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comFBWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/UBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              https://www.msn.BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmp, BWInstaller.exe, 00000003.00000002.1044219004.0000000002D33000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.sajatypeworks.comtBWInstaller.exe, 00000003.00000003.671123526.0000000006436000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/OBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.sajatypeworks.comrilBWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/FBWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comtoBWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/jp/BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comdBWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.fontbureau.comcomF:BWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/jp/yBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://james.newtonking.com/projects/jsonNewtonsoft.Json.dll.0.drfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.carterandcone.comlBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://www.jiyu-kobo.co.jp/yBWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.fontbureau.com/designers/cabarga.htmlNBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                                		high
                                http://www.founder.com.cn/cnBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmp, BWInstaller.exe, 00000003.00000003.672572133.0000000006403000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.fontbureau.com/designers/frere-user.htmlBWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.fontbureau.comdOBWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.sajatypeworks.comed.BWInstaller.exe, 00000003.00000003.671081390.0000000006436000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/rBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/pBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  http://www.jiyu-kobo.co.jp/BWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  • URL Reputation: safe
                                  		unknown
                                  https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.0.drfalse
                                    		high
                                    http://www.fontbureau.com/designers8BWInstaller.exe, 00000003.00000002.1049897089.0000000006570000.00000002.00000001.sdmpfalse
                                      		high
                                      http://www.jiyu-kobo.co.jp/hBWInstaller.exe, 00000003.00000003.673886135.0000000006414000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      https://www.nuget.org/packages/Newtonsoft.Json.BsonBWInstaller.exe, Newtonsoft.Json.dll.0.drfalse
                                        		high
                                        http://www.fontbureau.comalsBWInstaller.exe, 00000003.00000003.674603396.0000000006413000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://www.fontbureau.comuBWInstaller.exe, 00000003.00000002.1049674828.0000000006400000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.msn.com/?pc=W069&ocid=MSNHP_W069BWInstaller.exe, 00000003.00000002.1041680291.00000000009F5000.00000004.00000020.sdmp, BWInstaller.exe, 00000003.00000002.1043944761.0000000002CD4000.00000004.00000001.sdmpfalse
                                          		high
                                          http://www.fontbureau.comditaFBWInstaller.exe, 00000003.00000003.674435412.0000000006416000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.jiyu-kobo.co.jp/fr-f:BWInstaller.exe, 00000003.00000003.673243927.0000000006406000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          https://www.microsoftnews.com/?pc=__PARAM__&ocid=MNHP___PARAM__BWInstaller.exe, BWInstaller.exe, 00000003.00000002.1043335105.0000000002B2E000.00000004.00000001.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown

                                          Contacted IPs

                                          No contacted IP infos

                                          General Information

                                          Joe Sandbox Version:31.0.0 Emerald
                                          Analysis ID:348563
                                          Start date:04.02.2021
                                          Start time:12:14:53
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 9m 11s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:BingWallpaper.exe
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:20
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:SUS
                                          Classification:sus21.winEXE@6/9@0/0
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 94.1% (good quality ratio 86.8%)
                                          • Quality average: 76.2%
                                          • Quality standard deviation: 30.8%
                                          HCA Information:Failed
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .exe
                                          Warnings:
                                          • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                          • VT rate limit hit for: /opt/package/joesandbox/database/analysis/348563/sample/BingWallpaper.exe

                                          Simulations

                                          No simulations

                                          Joe Sandbox View / Context

                                          IPs

                                          No context

                                          Domains

                                          No context

                                          ASN

                                          No context

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dllhttps://cdn.discordapp.com/attachments/752037156901355661/788166037140930611/FunneeeeeMonkee.zipGet hashmaliciousBrowse
                                            ProtonVPN_win_v1.16.3.exeGet hashmaliciousBrowse
                                              ProGetSetup5.3.6.exeGet hashmaliciousBrowse
                                                ProtonVPN_win_v1.16.1.exeGet hashmaliciousBrowse
                                                  ProtonVPN_win_v1.15.0.exeGet hashmaliciousBrowse
                                                    https://dnl.hamapps.com/JTAlert/b4d05b5174ca5c7c1ee3f9bf01b911d8Get hashmaliciousBrowse

                                                      Created / dropped Files

                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCInstaller.msi
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:2
                                                      Category:dropped
                                                      Size (bytes):6418432
                                                      Entropy (8bit):7.946722354563286
                                                      Encrypted:false
                                                      SSDEEP:98304:QounLCPcoZ3bFrJ89asCqR3cYQpg6zP4SzRp1BJWXlwK5prM0p:QbubZ3bFl2jJMYQpg6nzRpTMXy8
                                                      MD5:0BBAF943832EAD78F5F706CF9FA65D56
                                                      SHA1:EFA85517E703066095370C434DB65E8B4405A0D3
                                                      SHA-256:1C0F630C26E44C0D2498BA79B78E7034CB14BD55D7E1D8EEB56981FED73009EF
                                                      SHA-512:99F70B81D17ED70832E93AFE7A588B7606C7C932F7F29385C2C4A53ED378C7DE4FFE4C5C5E93B2AA9CCC41C6698D2D7EF32A085737BD991EB5F02189DBC186DC
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: ......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCProgressBar.dll
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):16248
                                                      Entropy (8bit):6.473384265320657
                                                      Encrypted:false
                                                      SSDEEP:192:RKQjvt7ddX5ZTLhZ5HYlYz33W4GD5dHnhWgN7aJeWrMZq6ArNc4qnajr7lD9:djvtZ/ZTL54li3edHRN7WMV4lrlD9
                                                      MD5:533A332946E5E27379F84AB8932E6C4C
                                                      SHA1:7FCD1FEE89CC6D53D894DCD55C0AE3ACBC281F34
                                                      SHA-256:0FA5B8E8945443744FCC28FB8A49152DAA44417169A2DECB0AE770F4A4CF08E2
                                                      SHA-512:0BD4CACA817472F2B691273A3FD660AF38ACAD86B1F5E0A9A17A0D48B184A5C359EDF3B869E07F182CC600D1F1C823D9D1B2D514822FCAD7E8E256502DC6CCB2
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....p..........." ..0.............v2... ...@....... ...............................p....`.................................$2..O....@..................x#...`......X1..8............................................ ............... ..H............text...|.... ...................... ..`.rsrc........@......................@..@.reloc.......`......................@..B................X2......H........$...............0................................................(....*.0..f........o......{....s......{.....{....Yk.{.....{....Yk[..(.........(....k.Zi(.......o......(.....o.....o....*..{....*...0..C........./...}......{....1...}......}.....{.....{..../...{....}.....(....*..{....*...{..../...}......}.....{.....{....1...{....}.....(....*..{....*.0..,........{......{..../...{....}....+...{....1...{....}....+...}.....(......(......{.....{....Yk.{.....{....Yk[.....(....
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWCUI.json
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):276964
                                                      Entropy (8bit):5.918884625383502
                                                      Encrypted:false
                                                      SSDEEP:1536:qdzB5fHYCYZt2d2d23SaoDWzA8OeABOeAWDPRoCsqw5RyxhE/yMq4zmrg85R17Yo:gfg4RyxhE/YQ832fzz8iKgIPGLXK7t
                                                      MD5:832E07AA8DF171976BDE4BA896A6E872
                                                      SHA1:D449219CBD34D732D0788EDDC1A238D514EE96D4
                                                      SHA-256:FF2DCD12ACE107E31F78527CBA14459387FBC9D257EB5B9AA77602C17AA0FD69
                                                      SHA-512:BA42F11138F72D96200A0C81D093B44776EB97A370266E4013074CB5D8E9557C846BC18543434D7D9B1967CD04785782989F715EC5608C90DECCDA600DA3F5B0
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: .{.. "Settings": {.. "PriorityMarkets": [.. "de-de", "de-at", "de-ch", "en-au", "en-ca", "en-in", "en-gb", "en-us", "es-ar", "es-mx",.. "es-es", "fr-be", "fr-ca", "fr-fr", "ja-jp", "it-it", "pt-br", "pt-pt", "zh-cn",.. "zh-hk", "zh-tw", "ar-sa", "bg-bg", "bs-latn-ba", "ca-es", "ca-es-valencia", .. "cs-cz", "da-dk", "el-gr", "eu-es", "hr-hr", "id-id", "kk-kz", "ko-kr", .. "nb-no", "nl-be", "nl-nl", "ro-ro", "ru-ru", "sv-se", "sq-al", "sr-latn-cs", "th-th", "tr-tr",.. "uk-ua", "vi-vn", "am-et", "et-ee", "fa-ir", "fi-fi", "he-il", "hu-hu", "lt-lt", "lv-lv",.. "pl-pl", "sk-sk", "sl-si", "sr-cyrl-rs", "sr-latn-rs".. ],.. "MarketMapping": {.. "ca-es": "es-es",.. "ca-es-valencia": "es-es",.. "eu-es": "es-es",.. "sr-latn-cs": "sr-latn-rs".. } .. },.. "en-gb": {.. "alreadyInstalledError": "Bing Wallpaper has already been installed. Please uninstall and try again.",.. "btnGotIt": "Got it",.. "btnLetMeCheck": "Let me
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):729992
                                                      Entropy (8bit):6.916236572404756
                                                      Encrypted:false
                                                      SSDEEP:12288:lPBB5PlxPhHPEMmm/KHPaBUYrCRmzG4MYBsi8KxXNtWlPxIhh4a:BBPPlxPhqm5rCRYGdYBNuxIhaa
                                                      MD5:15103A2F376A076B4BB4D4EAC83CA1E6
                                                      SHA1:E51260B8E7DF549DDDAE0B55EC6A7384EE6859C2
                                                      SHA-256:A4378D7F4CC153972E91EA720D3EDAADB065AF343F429C5E4182B7A0E73EE97B
                                                      SHA-512:B9D534A9EEA7EE62309489AB157E682E60DD619A2D6D3C65C3C30B8F26BCAF6494706E00041685C7C9BBC813554FE75661437647A42E5BAF6A0BD74EDECF6F8F
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......`.........."...0..D...........c... ........@.. .......................`............`.................................@c..O.......................#...@.......b............................................... ............... ..H............text....C... ...D.................. ..`.rsrc...............F..............@..@.reloc.......@......................@..B................tc......H.......P................X...............................................0..|........s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....~q...}.....s{...}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....s....}.....~........s....s....}.......s....}.....(.....('....r...po ....r...p(!....(....("...........s#...($....{...........s#...o%....{.......%...s#...o%....{....... ...s&...o'...*.0..V........~q.
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe.config
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):677
                                                      Entropy (8bit):5.066932939422285
                                                      Encrypted:false
                                                      SSDEEP:12:TMHd41cOnEMPPWhl3V5+764mX3DpS4uFMfPf62OpUtO7YvS08KHDlY23xT:2dXnr4mA4uKk30Tb
                                                      MD5:EDA99AC92FFCF108489D220155CAF1C1
                                                      SHA1:19EEA74EF99F1A28811CFEE5198A77BD6CFD864F
                                                      SHA-256:7672A9BDC78C10002C707763D338B52223C8A9F3DBD455F680AAF5D3A45B116D
                                                      SHA-512:91D6C3988F7C21A5533E31D0DEC479AD9A20B0DFC45EA29A2D084ED5B425F449B64BC995C76CCF3BCC0DE34B152FD9C7D5485DB0A0B989DB2CBF7C2A41A7CCA9
                                                      Malicious:false
                                                      Reputation:low
                                                      Preview: <?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <appSettings>.. <add key="PC" value="W069" />.. <add key="HomePageRedirect" value="msn" />.. <add key="InstallType" value="UI" />.. <add key="SetHomePage" value="true" /> .. <add key="SetSearchEngine" value="true" /> .. <add key="SupportedBrowsers" value="GC,IE,MF,ME" /> .. <add key="DefaultBrowser" value="Off" />.. <add key="HomePageUrl" value="https://www.msn.com/?pc=__PARAM__&amp;ocid=MSNHP___PARAM__" />.. <add key="WelcomePageURL" value=""/>.. <add key="ShowWelcomePage" value="false"/>.. <add key="EnableVisualSearch" value="false"/>.. </appSettings>..</configuration>
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\BrowserDefMgr.dll
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):4008840
                                                      Entropy (8bit):6.641260136366347
                                                      Encrypted:false
                                                      SSDEEP:98304:J5vdv3F6HyuqTiihS8SOGtqgYqbTaaCLLJlu51aCQiRaU:J5vdYvdLGrLSaCQiRd
                                                      MD5:DBBAFE0B33078C1188E7EB7FB1688F0B
                                                      SHA1:3D1E43A3C0A33F0B3BA76420859A8E1C75A1F9C2
                                                      SHA-256:B0FB95E348F190408AAB7C5BAFDFB2FABABCD37325DF62DA9705C8F7B609D32F
                                                      SHA-512:F605A8B5FB8DF37D1F97B3876C7C05BEB54482B7F9BD2756B34F51B4414DFB47D2F71DEB2B2B42448F24A859E022D7E31A2C4688F05EF91D750AA9CA9EFBA061
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 3%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......~..::.mi:.mi:.mia.nh7.mia.hh..mi.ih+.mi.nh,.mi.hhj.mia.ih".mia.lh'.mi:.li..mi..dh'.mi..mh;.mi...i;.mi:..i;.mi..oh;.miRich:.mi........PE..L....._...........!.........R5.....%1.......................................@=.......>...@.............................................X.3...........=..#....<..S......p...............................@............................................text...\........................... ..`.rdata..(...........................@..@.data....-....... ..................@....rsrc...X.3.......3.................@..@.reloc...S....<..T....<.............@..B................................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\DispatchQueue.dll
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):158080
                                                      Entropy (8bit):6.57378529370525
                                                      Encrypted:false
                                                      SSDEEP:3072:oo9X5ooAfvWHrgCP0Y6jaJ+681+LnKAC/yOh3eBuPj+jRzpmfyrFBsw5yWXgZ:ood5ooAfvogCyR6HLCb3yuPj+/ssxXgZ
                                                      MD5:3E32206E07EEFAA6E9CE6B3D70E0C1D5
                                                      SHA1:BA3AB0FBD00453E5049D95F61A21D40CB68CF235
                                                      SHA-256:B19E2C644108614CDB2607F850CED43120161B191501618806C0F91842246F9B
                                                      SHA-512:FE43CACD43023E1E09FCCC83C393089FD601F7E03B01207A73D0364858928D413555D7E70E45A43D67E66976079EB980BDD53836643214741AE17895A135A5AF
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 3%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........i;...h...h...h..i...h..i$..h..i...hz..i...hz..i...hz..i...h..i...h...h/..h7..i...h7..i...h7..h...h..h...h7..i...hRich...h........................PE..L.....u_...........!................................................................q.....@..........................#..$....$.......P..p............F...#...`......l...p...............................@............................................text...j........................... ..`.rdata..L...........................@..@.data...l....0....... ..............@....rsrc...p....P.......,..............@..@.reloc.......`.......2..............@..B................................................................................................................................................................................................................................................................................
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\Newtonsoft.Json.dll
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):700336
                                                      Entropy (8bit):5.9289057284451445
                                                      Encrypted:false
                                                      SSDEEP:12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
                                                      MD5:6815034209687816D8CF401877EC8133
                                                      SHA1:1248142EB45EED3BEB0D9A2D3B8BED5FE2569B10
                                                      SHA-256:7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
                                                      SHA-512:3398094CE429AB5DCDECF2AD04803230669BB4ACCAEF7083992E9B87AFAC55841BA8DEF2A5168358BD17E60799E55D076B0E5CA44C86B9E6C91150D3DC37C721
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Joe Sandbox View:
                                                      • Filename: , Detection: malicious, Browse
                                                      • Filename: ProtonVPN_win_v1.16.3.exe, Detection: malicious, Browse
                                                      • Filename: ProGetSetup5.3.6.exe, Detection: malicious, Browse
                                                      • Filename: ProtonVPN_win_v1.16.1.exe, Detection: malicious, Browse
                                                      • Filename: ProtonVPN_win_v1.15.0.exe, Detection: malicious, Browse
                                                      • Filename: , Detection: malicious, Browse
                                                      Reputation:moderate, very likely benign file
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................f*....`.....................................O.......................................T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z...*..{\.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..
                                                      C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
                                                      Process:C:\Users\user\Desktop\BingWallpaper.exe
                                                      File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Category:dropped
                                                      Size (bytes):149376
                                                      Entropy (8bit):6.147634755430841
                                                      Encrypted:false
                                                      SSDEEP:3072:6pLnNsAdaczOcoAbtuyjP0u12bx7u5CdDpw70:6pLnaSadPAJuyjW7u5SDpw70
                                                      MD5:6D82A313035A9A8A9475FC95DBAA791C
                                                      SHA1:FF8CBA4E8F004D01DA206A4300443557FF015E05
                                                      SHA-256:031A7B5FA53531CFFE904CA6C77ABBCEFFC29295B66D5D9D30990FF4E0DA57FD
                                                      SHA-512:EB3752099DB1D1B4DEA201EF89FB4AF44F374153DA8F243846CA3F5B05BAB74F3222A737BED9EB39AF637FD6113B9591213FB99691979A90E8087C347E86F27D
                                                      Malicious:false
                                                      Antivirus:
                                                      • Antivirus: Metadefender, Detection: 0%, Browse
                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                      Reputation:low
                                                      Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.........;..h..h..h...i..h...i+.h...i..h_..i..h_..i..h_..i..h...i..h..h..h...i..h..sh..h...i..hRich..h........................PE..L...|.U_.....................J......q(............@..........................`............@.....................................x....0...............$...#...@......X...p...............................@...............8............................text...)........................... ..`.rdata..2........ ..................@..@.data...............................@....rsrc........0......................@..@.reloc.......@......................@..B................................................................................................................................................................................................................................................................................................

                                                      Static File Info

                                                      General

                                                      File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                      Entropy (8bit):7.997508804848012
                                                      TrID:
                                                      • Win32 Executable (generic) a (10002005/4) 99.96%
                                                      • Generic Win/DOS Executable (2004/3) 0.02%
                                                      • DOS Executable Generic (2002/1) 0.02%
                                                      • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                      File name:BingWallpaper.exe
                                                      File size:8585112
                                                      MD5:333ed21e54075cf3cf19be8c38c6f122
                                                      SHA1:f4b3b4324d594bdd76c27baee8730db3b07495a2
                                                      SHA256:2256580eed80d1262369169185bd9412062d0cb0d1aff219625aec76ca3ed5fb
                                                      SHA512:e1f2e4a404f79ddcf5f5c5ca4a1cdda0f98f6b195a54afd89d7d6d852d419ed0761ee04f4b8cf2c84e7fb78344ef02d1a5bec80b82e58e1584e6e1920b526245
                                                      SSDEEP:196608:nuqAvuNxNiQwQKaeNGjQ5XiOCaIed6pb7VCC1ec3:+vuNxNVwPBvzI269UCsc3
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........C...C...C.......B.......B.......W.......R...C...........J.....d.B.......B...RichC...................PE..L....s8............

                                                      File Icon

                                                      Icon Hash:f8e0e4e8ecccc870

                                                      Static PE Info

                                                      General

                                                      Entrypoint:0x406a00
                                                      Entrypoint Section:.text
                                                      Digitally signed:true
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                      DLL Characteristics:GUARD_CF, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                      Time Stamp:0xB9387306 [Thu Jun 21 06:07:02 2068 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:10
                                                      OS Version Minor:0
                                                      File Version Major:10
                                                      File Version Minor:0
                                                      Subsystem Version Major:10
                                                      Subsystem Version Minor:0
                                                      Import Hash:646167cce332c1c252cdcb1839e0cf48

                                                      Authenticode Signature

                                                      Signature Valid:true
                                                      Signature Issuer:CN=Microsoft Code Signing PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                      Signature Validation Error:The operation completed successfully
                                                      Error Number:0
                                                      Not Before, Not After
                                                      • 3/4/2020 7:39:48 PM 3/3/2021 7:39:48 PM
                                                      Subject Chain
                                                      • CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
                                                      Version:3
                                                      Thumbprint MD5:7E19D2AB4A33E7EBA2BA427EDDA755BA
                                                      Thumbprint SHA-1:A5BCE29A2944105E0E25B626120264BB03499052
                                                      Thumbprint SHA-256:6AE3F473BA70322FA133C1E95F0B3499260AF8B21B568BF240701466C9F655F7
                                                      Serial:3300000188AF52D6B9926DE8F9000000000188
                                                      Instruction
                                                      call 00007FF1747989F5h
                                                      jmp 00007FF1747982F5h
                                                      push 00000058h
                                                      push 00407268h
                                                      call 00007FF174798A97h
                                                      xor ebx, ebx
                                                      mov dword ptr [ebp-20h], ebx
                                                      lea eax, dword ptr [ebp-68h]
                                                      push eax
                                                      call dword ptr [0040A184h]
                                                      mov dword ptr [ebp-04h], ebx
                                                      mov eax, dword ptr fs:[00000018h]
                                                      mov esi, dword ptr [eax+04h]
                                                      mov edi, ebx
                                                      mov edx, 004088ACh
                                                      mov ecx, esi
                                                      xor eax, eax
                                                      lock cmpxchg dword ptr [edx], ecx
                                                      test eax, eax
                                                      je 00007FF17479830Ah
                                                      cmp eax, esi
                                                      jne 00007FF1747982F9h
                                                      xor esi, esi
                                                      inc esi
                                                      mov edi, esi
                                                      jmp 00007FF174798302h
                                                      push 000003E8h
                                                      call dword ptr [0040A188h]
                                                      jmp 00007FF1747982C9h
                                                      xor esi, esi
                                                      inc esi
                                                      cmp dword ptr [004088B0h], esi
                                                      jne 00007FF1747982FCh
                                                      push 0000001Fh
                                                      call 00007FF174798825h
                                                      pop ecx
                                                      jmp 00007FF17479832Ch
                                                      cmp dword ptr [004088B0h], ebx
                                                      jne 00007FF17479831Eh
                                                      mov dword ptr [004088B0h], esi
                                                      push 004010C4h
                                                      push 004010B8h
                                                      call 00007FF174798450h
                                                      pop ecx
                                                      pop ecx
                                                      test eax, eax
                                                      je 00007FF174798309h
                                                      mov dword ptr [ebp-04h], FFFFFFFEh
                                                      mov eax, 000000FFh
                                                      jmp 00007FF174798429h
                                                      mov dword ptr [004081E4h], esi
                                                      cmp dword ptr [004088B0h], esi
                                                      jne 00007FF17479830Dh
                                                      push 004010B4h
                                                      push 004010ACh
                                                      call 00007FF1747989E3h
                                                      pop ecx
                                                      pop ecx
                                                      mov dword ptr [000088B0h], 00000000h
                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xa28c0xb4.idata
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xc0000x825590.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x82dc000x2398.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0x8320000x888.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0x14100x54.text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x10080x40.text
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0xa0000x288.idata
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                      Sections

                                                      NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x10000x62c40x6400False0.5751953125data6.30394838051IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                      .data0x80000x1a480x200False0.609375data4.97063954396IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                      .idata0xa0000x10520x1200False0.413628472222data5.02089703405IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .rsrc0xc0000x8255900x825600unknownunknownunknownunknownIMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0x8320000x8880xa00False0.751171875data6.27286379786IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      NameRVASizeTypeLanguageCountry
                                                      AVI0xca100x2e1aRIFF (little-endian) data, AVI, 272 x 60, 10.00 fps, video: RLE 8bppEnglishUnited States
                                                      RT_ICON0xf82c0x668dataEnglishUnited States
                                                      RT_ICON0xfe940x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 2291109880, next used block 28872EnglishUnited States
                                                      RT_ICON0x1017c0x1e8dataEnglishUnited States
                                                      RT_ICON0x103640x128GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                      RT_ICON0x1048c0xea8dataEnglishUnited States
                                                      RT_ICON0x113340x8a8dBase IV DBT of @.DBF, block length 1024, next free block index 40, next free block 15066613, next used block 15000828EnglishUnited States
                                                      RT_ICON0x11bdc0x6c8dataEnglishUnited States
                                                      RT_ICON0x122a40x568GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                      RT_ICON0x1280c0xd9d2PNG image data, 256 x 256, 8-bit/color RGBA, non-interlacedEnglishUnited States
                                                      RT_ICON0x201e00x25a8dataEnglishUnited States
                                                      RT_ICON0x227880x10a8dataEnglishUnited States
                                                      RT_ICON0x238300x988dataEnglishUnited States
                                                      RT_ICON0x241b80x468GLS_BINARY_LSB_FIRSTEnglishUnited States
                                                      RT_DIALOG0x246200x2f2dataEnglishUnited States
                                                      RT_DIALOG0x249140x1b0dataEnglishUnited States
                                                      RT_DIALOG0x24ac40x166dataEnglishUnited States
                                                      RT_DIALOG0x24c2c0x1c0dataEnglishUnited States
                                                      RT_DIALOG0x24dec0x130dataEnglishUnited States
                                                      RT_DIALOG0x24f1c0x120dataEnglishUnited States
                                                      RT_STRING0x2503c0x8cdataEnglishUnited States
                                                      RT_STRING0x250c80x520dataEnglishUnited States
                                                      RT_STRING0x255e80x5ccdataEnglishUnited States
                                                      RT_STRING0x25bb40x4b0dataEnglishUnited States
                                                      RT_STRING0x260640x44adataEnglishUnited States
                                                      RT_STRING0x264b00x3cedataEnglishUnited States
                                                      RT_RCDATA0x268800x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x268880x809aedMicrosoft Cabinet archive data, 8428269 bytes, 9 filesEnglishUnited States
                                                      RT_RCDATA0x8303780x4dataEnglishUnited States
                                                      RT_RCDATA0x83037c0x24dataEnglishUnited States
                                                      RT_RCDATA0x8303a00x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303a80x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303b00x4dataEnglishUnited States
                                                      RT_RCDATA0x8303b40x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303bc0x4dataEnglishUnited States
                                                      RT_RCDATA0x8303c00x15ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303d80x4dataEnglishUnited States
                                                      RT_RCDATA0x8303dc0xeASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303ec0x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_RCDATA0x8303f40x7ASCII text, with no line terminatorsEnglishUnited States
                                                      RT_GROUP_ICON0x8303fc0xbcdataEnglishUnited States
                                                      RT_VERSION0x8304b80x4ecdata
                                                      RT_VERSION0x8309a40x408dataEnglishUnited States
                                                      RT_MANIFEST0x830dac0x7e2XML 1.0 document, ASCII text, with CRLF line terminatorsEnglishUnited States
                                                      DLLImport
                                                      ADVAPI32.dllGetTokenInformation, RegDeleteValueA, RegOpenKeyExA, RegQueryInfoKeyA, FreeSid, OpenProcessToken, RegSetValueExA, RegCreateKeyExA, LookupPrivilegeValueA, AllocateAndInitializeSid, RegQueryValueExA, EqualSid, RegCloseKey, AdjustTokenPrivileges
                                                      KERNEL32.dll_lopen, _llseek, CompareStringA, GetLastError, GetFileAttributesA, GetSystemDirectoryA, LoadLibraryA, DeleteFileA, GlobalAlloc, GlobalFree, CloseHandle, WritePrivateProfileStringA, IsDBCSLeadByte, GetWindowsDirectoryA, SetFileAttributesA, GetProcAddress, GlobalLock, LocalFree, RemoveDirectoryA, FreeLibrary, _lclose, CreateDirectoryA, GetPrivateProfileIntA, GetPrivateProfileStringA, GlobalUnlock, ReadFile, SizeofResource, WriteFile, GetDriveTypeA, lstrcmpA, SetFileTime, SetFilePointer, FindResourceA, CreateMutexA, GetVolumeInformationA, ExpandEnvironmentStringsA, GetCurrentDirectoryA, FreeResource, GetVersion, SetCurrentDirectoryA, GetTempPathA, LocalFileTimeToFileTime, CreateFileA, SetEvent, TerminateThread, GetVersionExA, LockResource, GetSystemInfo, CreateThread, ResetEvent, LoadResource, ExitProcess, GetModuleHandleW, CreateProcessA, FormatMessageA, GetTempFileNameA, DosDateTimeToFileTime, CreateEventA, GetExitCodeProcess, FindNextFileA, LocalAlloc, GetShortPathNameA, MulDiv, GetDiskFreeSpaceA, EnumResourceLanguagesA, GetTickCount, GetSystemTimeAsFileTime, GetCurrentThreadId, GetCurrentProcessId, QueryPerformanceCounter, TerminateProcess, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetStartupInfoW, Sleep, FindClose, GetCurrentProcess, FindFirstFileA, WaitForSingleObject, GetModuleFileNameA, LoadLibraryExA
                                                      GDI32.dllGetDeviceCaps
                                                      USER32.dllSetWindowLongA, GetDlgItemTextA, DialogBoxIndirectParamA, ShowWindow, MsgWaitForMultipleObjects, SetWindowPos, GetDC, GetWindowRect, DispatchMessageA, GetDesktopWindow, CharUpperA, SetDlgItemTextA, ExitWindowsEx, MessageBeep, EndDialog, CharPrevA, LoadStringA, CharNextA, EnableWindow, ReleaseDC, SetForegroundWindow, PeekMessageA, GetDlgItem, SendMessageA, SendDlgItemMessageA, MessageBoxA, SetWindowTextA, GetWindowLongA, CallWindowProcA, GetSystemMetrics
                                                      msvcrt.dll_controlfp, ?terminate@@YAXXZ, _acmdln, _initterm, __setusermatherr, _except_handler4_common, memcpy, _ismbblead, __p__fmode, _cexit, _exit, exit, __set_app_type, __getmainargs, _amsg_exit, __p__commode, _XcptFilter, memcpy_s, _vsnprintf, memset
                                                      COMCTL32.dll
                                                      Cabinet.dll
                                                      VERSION.dllGetFileVersionInfoA, VerQueryValueA, GetFileVersionInfoSizeA
                                                      DescriptionData
                                                      LegalCopyright Microsoft Corporation. All rights reserved.
                                                      InternalNameWextract
                                                      FileVersion1.0.8.2
                                                      CompanyNameMicrosoft Corporation
                                                      ProductNameBingWallpaper
                                                      ProductVersion1.0.8.2
                                                      FileDescriptionBingWallpaper
                                                      OriginalFilenameWEXTRACT.EXE .MUI
                                                      Translation0x0409 0x04b0

                                                      Possible Origin

                                                      Language of compilation systemCountry where language is spokenMap
                                                      EnglishUnited States

                                                      Network Behavior

                                                      No network behavior found

                                                      Code Manipulations

                                                      Statistics

                                                      CPU Usage

                                                      Click to jump to process

                                                      Memory Usage

                                                      Click to jump to process

                                                      High Level Behavior Distribution

                                                      • File
                                                      • Registry

                                                      Click to dive into process behavior distribution

                                                      Behavior

                                                      Click to jump to process

                                                      System Behavior

                                                      Analysis Process: BingWallpaper.exe PID: 6124 Parent PID: 5956

                                                      Function Logs

                                                      General

                                                      Start time:12:15:46
                                                      Start date:04/02/2021
                                                      Path:C:\Users\user\Desktop\BingWallpaper.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:'C:\Users\user\Desktop\BingWallpaper.exe'
                                                      Imagebase:0x860000
                                                      File size:8585112 bytes
                                                      MD5 hash:333ED21E54075CF3CF19BE8C38C6F122
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:low
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      Show Windows behavior

                                                      Registry Activities

                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      Show Windows behavior

                                                      System Activities

                                                      Show Windows behavior

                                                      LPC Port Activities

                                                      Analysis Process: StartupInstaller.exe PID: 6584 Parent PID: 6124

                                                      Function Logs

                                                      General

                                                      Start time:12:15:47
                                                      Start date:04/02/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
                                                      Imagebase:0x8e0000
                                                      File size:149376 bytes
                                                      MD5 hash:6D82A313035A9A8A9475FC95DBAA791C
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Antivirus matches:
                                                      • Detection: 0%, Metadefender, Browse
                                                      • Detection: 0%, ReversingLabs
                                                      Reputation:low
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      Show Windows behavior

                                                      Registry Activities

                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      Show Windows behavior

                                                      System Activities

                                                      Show Windows behavior

                                                      LPC Port Activities

                                                      Analysis Process: BWInstaller.exe PID: 3716 Parent PID: 6584

                                                      Function Logs

                                                      General

                                                      Start time:12:15:48
                                                      Start date:04/02/2021
                                                      Path:C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:C:\Users\user\AppData\Local\Temp\IXP000.TMP\BWInstaller.exe
                                                      Imagebase:0x3f0000
                                                      File size:729992 bytes
                                                      MD5 hash:15103A2F376A076B4BB4D4EAC83CA1E6
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:.Net C# or VB.NET
                                                      Antivirus matches:
                                                      • Detection: 0%, Metadefender, Browse
                                                      • Detection: 0%, ReversingLabs
                                                      Reputation:low
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      Show Windows behavior

                                                      Registry Activities

                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      Show Windows behavior

                                                      System Activities

                                                      Show Windows behavior

                                                      Timing Activities

                                                      Show Windows behavior

                                                      Windows UI Activities

                                                      Show Windows behavior

                                                      Process Token Activities

                                                      Show Windows behavior

                                                      LPC Port Activities

                                                      Analysis Process: rundll32.exe PID: 6440 Parent PID: 3424

                                                      Function Logs

                                                      General

                                                      Start time:12:15:58
                                                      Start date:04/02/2021
                                                      Path:C:\Windows\System32\rundll32.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:'C:\Windows\system32\rundll32.exe' C:\Windows\system32\advpack.dll,DelNodeRunDLL32 'C:\Users\user\AppData\Local\Temp\IXP000.TMP\'
                                                      Imagebase:0x7ff6ea160000
                                                      File size:69632 bytes
                                                      MD5 hash:73C519F050C20580F8A62C849D49215A
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Show Windows behavior

                                                      File Activities

                                                      Show Windows behavior

                                                      Section Activities

                                                      Show Windows behavior

                                                      Registry Activities

                                                      Show Windows behavior

                                                      Mutex Activities

                                                      Show Windows behavior

                                                      Process Activities

                                                      Show Windows behavior

                                                      Thread Activities

                                                      Show Windows behavior

                                                      Memory Activities

                                                      Show Windows behavior

                                                      System Activities

                                                      Show Windows behavior

                                                      Windows UI Activities

                                                      Show Windows behavior

                                                      LPC Port Activities

                                                      Disassembly

                                                      Code Analysis

                                                      Analysis Process: BingWallpaper.exe PID: 6124 Parent PID: 5956 BingWallpaper.exeCOMMON

                                                      Executed Functions

                                                      Non-executed Functions

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E00867105() {
				void* _v8;
				struct _FILETIME _v16;
				signed int _v20;
				union _LARGE_INTEGER _v24;
				signed int _t23;
				signed int _t36;
				signed int _t37;
				signed int _t39;

				_v16.dwLowDateTime = _v16.dwLowDateTime & 0x00000000;
				_v16.dwHighDateTime = _v16.dwHighDateTime & 0x00000000;
				_t23 =  *0x868004; // 0x29d3e821
				if(_t23 == 0xbb40e64e || (0xffff0000 & _t23) == 0) {
					GetSystemTimeAsFileTime( &_v16);
					_v8 = _v16.dwHighDateTime ^ _v16.dwLowDateTime;
					_v8 = _v8 ^ GetCurrentProcessId();
					_v8 = _v8 ^ GetCurrentThreadId();
					_v8 = GetTickCount() ^ _v8 ^  &_v8;
					QueryPerformanceCounter( &_v24);
					_t36 = _v20 ^ _v24.LowPart ^ _v8;
					_t39 = _t36;
					if(_t36 == 0xbb40e64e || ( *0x868004 & 0xffff0000) == 0) {
						_t36 = 0xbb40e64f;
						_t39 = 0xbb40e64f;
					}
					 *0x868004 = _t39;
				}
				_t37 =  !_t36;
				 *0x868008 = _t37;
				return _t37;
			}











                                                      0x0086710d
                                                      0x00867111
                                                      0x00867115
                                                      0x00867128
                                                      0x00867132
                                                      0x0086713e
                                                      0x00867147
                                                      0x00867150
                                                      0x00867161
                                                      0x00867168
                                                      0x00867174
                                                      0x00867177
                                                      0x0086717b
                                                      0x00867185
                                                      0x0086718a
                                                      0x0086718a
                                                      0x0086718c
                                                      0x0086718c
                                                      0x00867192
                                                      0x00867195
                                                      0x0086719c

                                                      APIs
                                                      • GetSystemTimeAsFileTime.KERNEL32(00000000), ref: 00867132
                                                      • GetCurrentProcessId.KERNEL32 ref: 00867141
                                                      • GetCurrentThreadId.KERNEL32 ref: 0086714A
                                                      • GetTickCount.KERNEL32 ref: 00867153
                                                      • QueryPerformanceCounter.KERNEL32(?), ref: 00867168
                                                      Memory Dump Source
                                                      • Source File: 00000000.00000002.1041496365.0000000000861000.00000020.00020000.sdmp, Offset: 00860000, based on PE: true
                                                      • Associated: 00000000.00000002.1041479467.0000000000860000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000000.00000002.1041536125.0000000000868000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000000.00000002.1041550571.000000000086A000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000000.00000002.1041561609.000000000086C000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
                                                      • String ID:
                                                      • API String ID: 1445889803-0
                                                      • Opcode ID: 8be0c6b69583c217d0fd60eaed4e4c6a250995e60ace687a6471149a78d69ee6
                                                      • Instruction ID: 36f52e172466eb4cd50298ebbdea5ec9258afde2142e1471c6d017d31efaa8f6
                                                      • Opcode Fuzzy Hash: 8be0c6b69583c217d0fd60eaed4e4c6a250995e60ace687a6471149a78d69ee6
                                                      • Instruction Fuzzy Hash: A8112A71D01608EBCF14DFB8DA48A9EB7F4FF59314F665966D406E7210EB709A048F41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Analysis Process: StartupInstaller.exe PID: 6584 Parent PID: 6124 StartupInstaller.exeCOMMON

                                                      Executed Functions

                                                      Download Yara Rule
                                                      C-Code - Quality: 71%
                                                      			E008E1150(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v0;
				intOrPtr _v8;
				signed int _v12;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				int** _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				char _v80;
				signed int _v84;
				intOrPtr _v88;
				short* _v92;
				signed int _v96;
				signed int _v100;
				char _v272;
				short _v800;
				short _v804;
				short _v806;
				short _v808;
				short _v810;
				short _v812;
				intOrPtr _v840;
				char _v848;
				char _v868;
				char _v1080;
				struct _STARTUPINFOW _v1212;
				char _v1216;
				WCHAR* _v1224;
				WCHAR* _v1228;
				signed int _v1232;
				void* _v1244;
				signed int _v1252;
				signed int _v1280;
				int* _v1284;
				signed int _v1292;
				int* _v1296;
				short _v1300;
				struct _PROCESS_INFORMATION _v1316;
				void _v1328;
				signed int _v1332;
				int* _v1336;
				signed int _v1340;
				int* _v1344;
				intOrPtr _v1348;
				WCHAR* _v1352;
				short* _v1356;
				short* _v1360;
				signed int _v1364;
				signed int _v1368;
				signed int _v1376;
				int* _v1380;
				char _v1384;
				intOrPtr _v1388;
				int* _v1392;
				short _v1396;
				signed int _v1400;
				signed int _v1408;
				int* _v1412;
				signed int _v1416;
				int* _v1420;
				char _v1436;
				int* _v1440;
				intOrPtr _v1444;
				intOrPtr _v1448;
				signed int _v1452;
				intOrPtr _v1456;
				signed int _v1460;
				signed int _v1464;
				intOrPtr _v1468;
				intOrPtr _v1472;
				signed int _v1532;
				unsigned int _v1536;
				signed int _v1548;
				unsigned int _v1552;
				unsigned int _v1556;
				intOrPtr _v1560;
				intOrPtr _v1572;
				signed int _v1576;
				unsigned int _v1584;
				signed int _t418;
				long _t424;
				long _t425;
				WCHAR* _t428;
				signed int _t429;
				WCHAR* _t431;
				signed int _t432;
				WCHAR* _t433;
				void* _t435;
				signed int _t436;
				signed int _t442;
				signed int _t443;
				signed int _t445;
				signed int _t450;
				signed int _t452;
				short* _t453;
				int** _t456;
				signed int _t462;
				intOrPtr _t467;
				signed int _t472;
				signed int _t486;
				unsigned int _t488;
				void* _t489;
				intOrPtr _t495;
				signed int _t509;
				signed int _t511;
				signed int _t512;
				unsigned int _t514;
				void* _t515;
				void* _t521;
				signed int _t532;
				signed int _t534;
				void* _t537;
				void* _t538;
				signed int _t540;
				signed int _t541;
				signed int _t544;
				unsigned int _t546;
				signed int _t550;
				signed int _t551;
				signed int _t555;
				signed int _t560;
				signed int _t563;
				signed short* _t570;
				intOrPtr _t571;
				signed int _t572;
				int** _t574;
				signed int _t581;
				signed int _t585;
				signed int _t587;
				signed int _t590;
				signed int _t597;
				signed short* _t599;
				signed int _t607;
				long _t609;
				intOrPtr _t616;
				signed int _t618;
				signed int _t620;
				short* _t627;
				short* _t629;
				signed int _t638;
				intOrPtr _t642;
				int* _t646;
				intOrPtr _t651;
				intOrPtr _t659;
				signed int _t676;
				intOrPtr _t680;
				WCHAR* _t684;
				signed char _t691;
				void* _t692;
				intOrPtr* _t693;
				signed int _t696;
				long _t700;
				void* _t701;
				signed int _t702;
				unsigned int _t704;
				signed int _t705;
				signed int _t712;
				signed int _t717;
				int** _t725;
				signed int _t728;
				signed int _t729;
				signed int _t730;
				unsigned int _t731;
				void* _t738;
				void* _t741;
				void* _t748;
				void* _t749;
				intOrPtr* _t750;
				int** _t754;
				signed short* _t756;
				signed int _t760;
				intOrPtr* _t765;
				intOrPtr* _t769;
				intOrPtr _t776;
				signed int _t779;
				intOrPtr _t784;
				int* _t785;
				intOrPtr _t786;
				signed int _t789;
				intOrPtr _t790;
				void* _t791;
				signed int _t792;
				signed int _t793;
				signed int _t795;
				signed int _t798;
				signed int _t800;
				intOrPtr* _t801;
				signed int _t802;
				intOrPtr _t803;
				intOrPtr _t805;
				intOrPtr _t806;
				signed int _t809;
				signed short* _t810;
				signed short* _t811;
				void* _t812;
				void* _t813;
				signed int _t814;
				signed int _t815;
				short* _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				signed int _t820;
				void* _t821;
				void* _t822;
				void* _t823;
				int* _t825;
				void* _t826;
				void* _t827;
				WCHAR* _t828;
				signed int _t830;
				signed int _t833;
				signed int _t834;
				signed int _t838;
				intOrPtr _t841;
				signed short* _t851;
				void* _t853;
				intOrPtr _t854;
				signed int _t860;
				int** _t863;
				signed int _t865;
				signed int _t867;
				unsigned int _t868;
				signed int _t869;
				signed int _t874;
				void* _t876;
				intOrPtr _t878;
				signed int _t881;
				void* _t883;
				signed int _t885;
				signed int _t887;
				signed int _t891;
				signed int _t894;
				void* _t896;
				void* _t897;
				signed int _t905;
				signed int _t907;
				signed int _t908;
				signed int _t912;
				void* _t913;
				void* _t919;
				void* _t920;
				void* _t921;

				_t831 = __edi;
				_t701 = __ebx;
				_push("string too long");
				E008E247D();
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_t891 = _t905;
				_t907 = (_t905 & 0xfffffff0) - 0x548;
				_t418 =  *0x901004; // 0x112d3ebc
				_v12 = _t418 ^ _t907;
				_push(__esi);
				_push(__edi);
				_v1244 = 0;
				_v1212.dwXCountChars = 4;
				E008E3900(__edi,  &_v272, 0, 0xff);
				_t908 = _t907 + 0xc;
				_v1212.dwYSize = 0xff;
				CreateMutexW(0, 0, L"// {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}"); // executed
				_t424 = RegOpenKeyW(0x80000002, L"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",  &_v1244); // executed
				if(_t424 != 0) {
					L65:
					_t425 = GetLastError();
					__eflags = _t425 - 0xb7;
					if(_t425 == 0xb7) {
						goto L105;
					} else {
						L110();
						__eflags = _v1212.lpDesktop - 8;
						_t428 =  &_v1224;
						_t833 = StrCmpIW;
						_v1352 = _t428;
						if(_v1212.lpDesktop < 8) {
							L69:
							_t860 = 0;
							__eflags = 0;
							while(1) {
								_t429 = StrCmpIW(_t428,  *(0x8ff760 + _t860 * 8));
								__eflags = _t429;
								if(_t429 == 0) {
									break;
								}
								_t428 = _v1356;
								_t860 = _t860 + 1;
								__eflags = _t860 - 0x5f;
								if(_t860 < 0x5f) {
									continue;
								} else {
									_t811 = _v1356;
									__eflags = 0;
									_v812 = 0;
									_t760 = 0x3fffffff;
									_v808 = 0;
									_t599 = _t811;
									while(1) {
										__eflags =  *_t599;
										if( *_t599 == 0) {
											break;
										}
										_t599 =  &(_t599[1]);
										_t760 = _t760 - 1;
										__eflags = _t760;
										if(_t760 != 0) {
											continue;
										}
										break;
									}
									__eflags = _t760;
									if(_t760 == 0) {
										goto L68;
									} else {
										_t601 = 0x3fffffff - _t760;
										asm("sbb ecx, ecx");
										__eflags = ( ~_t760 & 0x3fffffff - _t760 + _t601) - 2;
										if(( ~_t760 & 0x3fffffff - _t760 + _t601) <= 2) {
											goto L68;
										} else {
											_v812 =  *_t811 & 0x0000ffff;
											_v810 = _t811[1] & 0x0000ffff;
											_v808 = 0;
											_t860 = 0;
											__eflags = 0;
											while(1) {
												_t607 = StrCmpIW( &_v812,  *(0x8ff760 + _t860 * 8));
												__eflags = _t607;
												if(_t607 == 0) {
													break;
												}
												_t860 = _t860 + 1;
												__eflags = _t860 - 0x5f;
												if(_t860 < 0x5f) {
													continue;
												} else {
													_v1360 = L"StartupInstaller.exe - This installer could not be started.";
												}
												goto L83;
											}
											_v1360 =  *((intOrPtr*)(0x8ff764 + _t860 * 8));
										}
									}
								}
								goto L83;
							}
							_v1356 =  *((intOrPtr*)(0x8ff764 + _t860 * 8));
						} else {
							_t428 = _v1224;
							_v1352 = _t428;
							__eflags = _t428;
							if(_t428 != 0) {
								goto L69;
							} else {
								L68:
								_v1356 = L"StartupInstaller.exe - This installer could not be started.";
							}
						}
						L83:
						__eflags = _v1212.lpReserved - 8;
						_t431 =  &_v1228;
						_v1352 = _t431;
						if(_v1212.lpReserved < 8) {
							L86:
							_t860 = 0;
							__eflags = 0;
							while(1) {
								_t432 = StrCmpIW(_t431,  *(0x8ff468 + _t860 * 8));
								__eflags = _t432;
								if(_t432 == 0) {
									break;
								}
								_t431 = _v1356;
								_t860 = _t860 + 1;
								__eflags = _t860 - 0x5f;
								if(_t860 < 0x5f) {
									continue;
								} else {
									_t810 = _v1356;
									__eflags = 0;
									_v808 = 0;
									_t756 = _t810;
									_v804 = 0;
									_t590 = 0x3fffffff;
									while(1) {
										__eflags =  *_t756;
										if( *_t756 == 0) {
											break;
										}
										_t756 =  &(_t756[1]);
										_t590 = _t590 - 1;
										__eflags = _t590;
										if(_t590 != 0) {
											continue;
										}
										break;
									}
									__eflags = _t590;
									if(_t590 == 0) {
										L97:
										_t433 = L"This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wallpaper.\n\nDo you want to install this .Net Framework version now?";
									} else {
										_t758 = 0x3fffffff - _t590;
										asm("sbb eax, eax");
										__eflags = ( ~_t590 & 0x3fffffff - _t590 + _t758) - 2;
										if(( ~_t590 & 0x3fffffff - _t590 + _t758) <= 2) {
											goto L97;
										} else {
											_v808 =  *_t810 & 0x0000ffff;
											_v806 = _t810[1] & 0x0000ffff;
											_v804 = 0;
											_t860 = 0;
											__eflags = 0;
											while(1) {
												_t597 = StrCmpIW( &_v808,  *(0x8ff468 + _t860 * 8));
												__eflags = _t597;
												if(_t597 == 0) {
													goto L98;
												}
												_t860 = _t860 + 1;
												__eflags = _t860 - 0x5f;
												if(_t860 < 0x5f) {
													continue;
												} else {
													goto L97;
												}
												goto L99;
											}
											break;
										}
									}
								}
								goto L99;
							}
							L98:
							_t433 =  *(0x8ff46c + _t860 * 8);
						} else {
							_t431 = _v1228;
							_v1352 = _t431;
							__eflags = _t431;
							if(_t431 != 0) {
								goto L86;
							} else {
								_t433 = L"This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wallpaper.\n\nDo you want to install this .Net Framework version now?";
							}
						}
						L99:
						_t435 = MessageBoxW(0, _t433, _v1360, 0x31) - 1;
						__eflags = _t435;
						if(_t435 == 0) {
							ShellExecuteW(_t435, L"open", L"https://go.microsoft.com/fwlink/?linkid=2134832", _t435, _t435, 1);
						}
						_t798 = _v1212.cb;
						__eflags = _t798 - 8;
						if(_t798 < 8) {
							goto L105;
						} else {
							_t717 = _v1232;
							_t799 = 2 + _t798 * 2;
							_t436 = _t717;
							__eflags = _t799 - 0x1000;
							if(_t799 < 0x1000) {
								goto L104;
							} else {
								_t717 =  *((intOrPtr*)(_t717 - 4));
								_t799 = _t799 + 0x23;
								__eflags = _t436 - _t717 + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									goto L109;
								} else {
									goto L104;
								}
							}
						}
					}
				} else {
					_t609 = RegOpenKeyW(0x80000002, L"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",  &_v1244); // executed
					if(_t609 != 0) {
						L4:
						_v1212.lpReserved2 = 0;
						_push(0);
						_push(0x8f3a58);
						_v1212.hStdInput = 7;
						_v1212.dwYCountChars = 0;
						L163();
						E008E3900(_t831,  &_v800, 0, 0x208);
						_t908 = _t908 + 0xc;
						GetModuleFileNameW(0,  &_v800, 0x104);
						_v1336 = 0;
						_t765 =  &_v800;
						_v1332 = 7;
						_v1352 = 0;
						_t812 = _t765 + 2;
						asm("o16 nop [eax+eax]");
						do {
							_t616 =  *_t765;
							_t765 = _t765 + 2;
						} while (_t616 != 0);
						_push(_t765 - _t812 >> 1);
						_push( &_v800);
						L163();
						_t887 = _v1344;
						_t853 =  >=  ? _v1360 :  &_v1360;
						if(_t887 == 0) {
							L22:
							_t860 = _t887 | 0xffffffff;
							__eflags = _t860;
						} else {
							E008E3900(_t853,  &_v1080, 0, 0x100);
							_t908 = _t908 + 0xc;
							_t792 = L"\\/";
							while(1) {
								_t691 =  *_t792 & 0x0000ffff;
								if(_t691 >= 0x100) {
									break;
								}
								_t792 = _t792 + 2;
								 *((char*)(_t908 + (_t691 & 0x000000ff) + 0x130)) = 1;
								if(_t792 != 0x8ff418) {
									continue;
								} else {
									_t32 = _t887 - 1; // -1
									_t797 =  <  ? _t32 : _t792 | 0xffffffff;
									_t887 = _t853 + ( <  ? _t32 : _t792 | 0xffffffff) * 2;
									while(1) {
										_t696 =  *_t887 & 0x0000ffff;
										if(_t696 < 0x100 &&  *((char*)(_t908 + _t696 + 0x130)) != 0) {
											break;
										}
										if(_t887 == _t853) {
											goto L22;
										} else {
											_t887 = _t887 - 2;
											continue;
										}
										goto L23;
									}
									L21:
									_t860 = _t887 - _t853 >> 1;
								}
								goto L23;
							}
							_t37 = _t887 - 1; // -1
							_t692 = _t37;
							_t793 = _t792 | 0xffffffff;
							__eflags = _t692 - _t793;
							_t794 =  <  ? _t692 : _t793;
							_t887 = _t853 + ( <  ? _t692 : _t793) * 2;
							while(1) {
								L16:
								_t830 =  *_t887 & 0x0000ffff;
								_t795 = 2;
								_t693 = L"\\/";
								while(1) {
									__eflags =  *_t693 - _t830;
									if( *_t693 == _t830) {
										goto L21;
									}
									_t693 = _t693 + 2;
									_t795 = _t795 - 1;
									__eflags = _t795;
									if(_t795 != 0) {
										continue;
									} else {
										__eflags = _t887 - _t853;
										if(_t887 == _t853) {
											goto L22;
										} else {
											_t887 = _t887 - 2;
											goto L16;
										}
									}
									goto L23;
								}
								goto L21;
							}
						}
						L23:
						_t618 = _v1340;
						__eflags = _t618 - 8;
						if(_t618 < 8) {
							L27:
							__eflags = 0;
							_v1344 = 0;
							_t769 =  &_v808;
							_v1340 = 7;
							_v1360 = 0;
							_t813 = _t769 + 2;
							do {
								_t620 =  *_t769;
								_t769 = _t769 + 2;
								__eflags = _t620;
							} while (_t620 != 0);
							_push(_t769 - _t813 >> 1);
							_push( &_v808);
							L163();
							_v1296 = 0;
							__eflags = _v1352 - _t860;
							_v1316.hThread = 0;
							_t860 =  <  ? _v1352 : _t860;
							__eflags = _v1348 - 8;
							_push(_t860);
							_t624 =  >=  ? _v1368 :  &_v1368;
							_push( >=  ? _v1368 :  &_v1368);
							_v1292 = 7;
							L163();
							_t814 = _v1212.dwXSize;
							__eflags = _t814 - 8;
							if(_t814 < 8) {
								L33:
								asm("movaps xmm0, [esp+0x50]");
								_t815 = _v1356;
								asm("movaps [esp+0xc0], xmm0");
								asm("movq xmm0, [esp+0x60]");
								asm("movq [esp+0xd0], xmm0");
								__eflags = _t815 - 8;
								if(_t815 < 8) {
									L37:
									_push(1);
									_v1360 = 0;
									_push("\\");
									_v1356 = 7;
									_v1376 = 0;
									L163();
									__eflags = _v1316.dwProcessId - 8;
									_t776 =  >=  ? _v1328 :  &_v1216;
									_t833 = _v1368;
									_t627 = _v1364 - _t833;
									_t860 = _v1316.hThread;
									_v1388 = _t776;
									__eflags = _t860 - _t627;
									if(_t860 > _t627) {
										_push(_t860);
										_push(_t776);
										_push(_t776);
										_v848 = 0;
										_push(_v848);
										_push(_t860);
										L190();
									} else {
										__eflags = _v1364 - 8;
										_v1368 = _t860 + _t833;
										_t825 =  >=  ? _v1384 :  &_v1384;
										_t659 = _t860 + _t860;
										_v848 = _t659;
										_t854 = _t833 + _t833;
										_v1392 = _t825;
										_v840 = _t854;
										__eflags = _t659 + _t776 - _t825;
										if(_t659 + _t776 <= _t825) {
											L43:
											_t833 = _t860;
										} else {
											__eflags = _t776 - _t825 + _t854;
											if(_t776 > _t825 + _t854) {
												goto L43;
											} else {
												__eflags = _t825 - _t776;
												if(_t825 > _t776) {
													_t833 = _t825 - _t776 >> 1;
												} else {
													_t833 = 0;
												}
											}
										}
										E008E4D80(_v848 + _t825, _t825, _v840 + 2);
										_t860 = _t833 + _t833;
										E008E5440(_v1392, _v1388, _t860);
										E008E5440(_v1392 + _t860, _v1388 + (_v1316.hThread + _t833) * 2, _v1316.hThread - _t833 + _v1316.hThread - _t833);
										_t908 = _t908 + 0x24;
										_t627 =  &_v1384;
									}
									asm("movups xmm0, [eax]");
									asm("movups [esp+0x30], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [esp+0x40], xmm0");
									 *(_t627 + 0x10) = 0;
									 *(_t627 + 0x14) = 7;
									 *_t627 = 0;
									_t816 = _v1360;
									_t779 = _v1364;
									_t629 = _t816 - _t779;
									__eflags = _t629 - 0xf;
									if(_t629 < 0xf) {
										_push(0xf);
										_push(_t779);
										_v868 = 0;
										_push(_v868);
										_push(0xf);
										L213();
									} else {
										__eflags = _t816 - 8;
										_t860 =  >=  ? _v1380 :  &_v1380;
										_t833 = _t779 + 0xf;
										_v1364 = _t833;
										E008E4D80(_t860 + _t779 * 2, L"BWInstaller.exe", 0x1e);
										_t908 = _t908 + 0xc;
										 *((short*)(_t860 + _t833 * 2)) = 0;
										_t629 =  &_v1380;
									}
									asm("movups xmm0, [eax]");
									asm("movups [esp+0x90], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [esp+0xa0], xmm0");
									 *(_t629 + 0x10) = 0;
									 *(_t629 + 0x14) = 7;
									 *_t629 = 0;
									_t817 = _v1376;
									__eflags = _t817 - 8;
									if(_t817 < 8) {
										L53:
										_t818 = _v1400;
										_v1380 = 0;
										_v1376 = 7;
										_v1396 = 0;
										__eflags = _t818 - 8;
										if(_t818 < 8) {
											L57:
											__eflags = _v1280 - 8;
											_v1212.cb = 0x44;
											asm("xorps xmm0, xmm0");
											_t632 =  >=  ? _v1300 :  &_v1300;
											asm("movlpd [esp+0x114], xmm0");
											asm("movlpd [esp+0x11c], xmm0");
											asm("movlpd [esp+0x124], xmm0");
											asm("movlpd [esp+0x12c], xmm0");
											asm("movlpd [esp+0x134], xmm0");
											asm("movlpd [esp+0x13c], xmm0");
											asm("movlpd [esp+0x144], xmm0");
											asm("movlpd [esp+0x14c], xmm0");
											asm("movaps [esp+0xa8], xmm0"); // executed
											CreateProcessW( >=  ? _v1300 :  &_v1300, 0, 0, 0, 0, 0, 0, 0,  &_v1212,  &_v1316); // executed
											WaitForSingleObject(_v1316.hProcess, 0xffffffff);
											_t860 = CloseHandle;
											CloseHandle(_v1316);
											CloseHandle(_v1316.hThread);
											_t819 = _v1280;
											__eflags = _t819 - 8;
											if(_t819 < 8) {
												L61:
												_t820 = _v1232;
												_v1284 = 0;
												_v1280 = 7;
												_v1300 = 0;
												__eflags = _t820 - 8;
												if(_t820 < 8) {
													L105:
													__eflags = _v12 ^ _t908;
													return E008E249D(_v12 ^ _t908);
												} else {
													_t717 = _v1252;
													_t799 = 2 + _t820 * 2;
													_t638 = _t717;
													__eflags = _t799 - 0x1000;
													if(_t799 < 0x1000) {
														L104:
														_push(_t799);
														E008E25FF(_t717);
														_t908 = _t908 + 8;
														goto L105;
													} else {
														_t717 =  *((intOrPtr*)(_t717 - 4));
														_t799 = _t799 + 0x23;
														__eflags = _t638 - _t717 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															goto L108;
														} else {
															goto L104;
														}
													}
												}
											} else {
												_t784 = _v1300;
												_t821 = 2 + _t819 * 2;
												_t642 = _t784;
												__eflags = _t821 - 0x1000;
												if(_t821 < 0x1000) {
													L60:
													_push(_t821);
													E008E25FF(_t784);
													_t908 = _t908 + 8;
													goto L61;
												} else {
													_t717 =  *((intOrPtr*)(_t784 - 4));
													_t799 = _t821 + 0x23;
													__eflags = _t642 - _t717 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L108;
													} else {
														goto L60;
													}
												}
											}
										} else {
											_t785 = _v1420;
											_t822 = 2 + _t818 * 2;
											_t646 = _t785;
											__eflags = _t822 - 0x1000;
											if(_t822 < 0x1000) {
												L56:
												_push(_t822);
												E008E25FF(_t785);
												_t908 = _t908 + 8;
												goto L57;
											} else {
												_t717 =  *((intOrPtr*)(_t785 - 4));
												_t799 = _t822 + 0x23;
												__eflags = _t646 - _t717 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L107;
												} else {
													goto L56;
												}
											}
										}
									} else {
										_t786 = _v1396;
										_t823 = 2 + _t817 * 2;
										_t651 = _t786;
										__eflags = _t823 - 0x1000;
										if(_t823 < 0x1000) {
											L52:
											_push(_t823);
											E008E25FF(_t786);
											_t908 = _t908 + 8;
											goto L53;
										} else {
											_t717 =  *((intOrPtr*)(_t786 - 4));
											_t799 = _t823 + 0x23;
											__eflags = _t651 - _t717 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L107;
											} else {
												goto L52;
											}
										}
									}
								} else {
									_t789 = _v1376;
									_t826 = 2 + _t815 * 2;
									_t676 = _t789;
									__eflags = _t826 - 0x1000;
									if(_t826 < 0x1000) {
										L36:
										_push(_t826);
										E008E25FF(_t789);
										_t908 = _t908 + 8;
										goto L37;
									} else {
										_t717 =  *((intOrPtr*)(_t789 - 4));
										_t799 = _t826 + 0x23;
										__eflags = _t676 - _t717 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L108;
										} else {
											goto L36;
										}
									}
								}
							} else {
								_t790 = _v1212.lpReserved;
								_t827 = 2 + _t814 * 2;
								_t680 = _t790;
								__eflags = _t827 - 0x1000;
								if(_t827 < 0x1000) {
									L32:
									_push(_t827);
									E008E25FF(_t790);
									_t908 = _t908 + 8;
									goto L33;
								} else {
									_t717 =  *((intOrPtr*)(_t790 - 4));
									_t799 = _t827 + 0x23;
									__eflags = _t680 - _t717 + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										goto L108;
									} else {
										goto L32;
									}
								}
							}
						} else {
							_t828 = _v1360;
							_t791 = 2 + _t618 * 2;
							_t684 = _t828;
							__eflags = _t791 - 0x1000;
							if(_t791 < 0x1000) {
								L26:
								_push(_t791);
								E008E25FF(_t828);
								_t908 = _t908 + 8;
								goto L27;
							} else {
								_t799 =  *((intOrPtr*)(_t828 - 4));
								_t717 = _t791 + 0x23;
								__eflags = _t684 -  *((intOrPtr*)(_t828 - 4)) + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									E008E5D27(_t701, _t717, _t799, _t853, __eflags);
									L107:
									E008E5D27(_t701, _t717, _t799, _t833, __eflags);
									L108:
									E008E5D27(_t701, _t717, _t799, _t833, __eflags);
									L109:
									E008E5D27(_t701, _t717, _t799, _t833, __eflags);
									asm("int3");
									asm("int3");
									asm("int3");
									_t702 = _t908;
									_t912 = (_t908 - 0x00000008 & 0xfffffff8) + 4;
									_v1384 =  *((intOrPtr*)(_t702 + 4));
									_t894 = _t912;
									_t913 = _t912 - 0x48;
									_t442 =  *0x901004; // 0x112d3ebc
									_t443 = _t442 ^ _t894;
									_v1408 = _t443;
									 *[fs:0x0] =  &_v1400;
									_t445 = _t717;
									_v1464 = _t445;
									_v1460 = _t445;
									_v1460 = _t445;
									_v1412 = 0;
									_v1452 = 0;
									_v1420 = 0;
									_v1416 = 7;
									_v1436 = 0;
									L163();
									_v1392 = 0;
									__imp__GetUserPreferredUILanguages(8,  &_v1412, 0,  &_v1452, 0x8f3a58, 0, _t443, _t833, _t860, _t702,  *[fs:0x0], 0x8eede5, 0xffffffff, _t891, _t701);
									_v1440 = 0;
									asm("xorps xmm0, xmm0");
									_v1456 = 0;
									asm("movq [ebp-0x3c], xmm0");
									_t861 = 0;
									_v1444 = 0;
									_t834 = 0;
									_v1468 = 0;
									_t450 = _v1452;
									_v1472 = 0;
									_v1448 = 0;
									_v1440 = 0;
									_v1460 = _t450;
									__eflags = _t450;
									if(_t450 == 0) {
										L120:
										_v20 = 1;
										_t452 =  &_v40;
										__imp__GetUserPreferredUILanguages(8, _t452, _t861,  &_v80);
										__eflags = _t452;
										if(_t452 == 0) {
											L139:
											_t453 = _v92;
											_push(5);
											_push(L"en-us");
											 *(_t453 + 0x10) = 0;
											 *(_t453 + 0x14) = 7;
											 *_t453 = 0;
											L163();
											__eflags = _t861;
											if(_t861 == 0) {
												L143:
												_t800 = _v44;
												__eflags = _t800 - 8;
												if(_t800 < 8) {
													goto L137;
												} else {
													_t725 = _v64;
													_t801 = 2 + _t800 * 2;
													_t456 = _t725;
													__eflags = _t801 - 0x1000;
													if(_t801 < 0x1000) {
														goto L136;
													} else {
														_t725 =  *(_t725 - 4);
														_t801 = _t801 + 0x23;
														__eflags = _t456 - _t725 + 0xfffffffc - 0x1f;
														if(__eflags <= 0) {
															goto L136;
														} else {
															goto L146;
														}
													}
												}
											} else {
												_t555 = _t861;
												_t834 = _t834 - _t861 & 0xfffffffe;
												__eflags = _t834 - 0x1000;
												if(_t834 < 0x1000) {
													L142:
													_push(_t834);
													E008E25FF(_t861);
													_t913 = _t913 + 8;
													goto L143;
												} else {
													_t861 =  *(_t861 - 4);
													_t834 = _t834 + 0x23;
													__eflags = _t555 - _t861 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L146;
													} else {
														goto L142;
													}
												}
											}
										} else {
											_t801 = _v96;
											_t560 = _v84 - _t801;
											__eflags = _t560;
											if(_t560 == 0) {
												goto L139;
											} else {
												__eflags = _v40;
												if(_v40 <= 0) {
													goto L139;
												} else {
													_t750 = _t801;
													_v88 = _t750 + 2;
													do {
														_t563 =  *_t750;
														_t750 = _t750 + 2;
														__eflags = _t563;
													} while (_t563 != 0);
													_push(_t750 - _v88 >> 1);
													_push(_t801);
													L163();
													__eflags = _v44 - 8;
													_t754 = _v64;
													_t565 =  >=  ? _t754 :  &_v64;
													_v84 =  >=  ? _t754 :  &_v64;
													_t567 =  >=  ? _t754 :  &_v64;
													_t834 = _v68;
													_v96 =  &(( >=  ? _t754 :  &_v64)[_v48]);
													_t570 =  >=  ? _t754 :  &_v64;
													__eflags = _t570 - _v96;
													if(_t570 != _v96) {
														_t851 = _t570;
														_t274 =  &_v84;
														 *_t274 = _v84 - _t851;
														__eflags =  *_t274;
														_t885 = _v84;
														do {
															 *((short*)(_t885 + _t851)) = E008E5B3B( *_t851 & 0x0000ffff);
															_t913 = _t913 + 4;
															_t851 =  &(_t851[1]);
															__eflags = _t851 - _v96;
														} while (_t851 != _v96);
														_t861 = _v100;
														_t834 = _v68;
													}
													__eflags = _v48;
													if(_v48 == 0) {
														goto L139;
													} else {
														_t571 = _v92;
														_t725 = 0;
														asm("movups xmm0, [ebp-0x30]");
														_v64 = 0;
														 *(_t571 + 0x10) = 0;
														 *(_t571 + 0x14) = 0;
														asm("movups [eax], xmm0");
														asm("movq xmm0, [ebp-0x20]");
														asm("movq [eax+0x10], xmm0");
														_v48 = 0;
														_v44 = 7;
														__eflags = _t861;
														if(_t861 == 0) {
															L138:
															 *[fs:0x0] = _v28;
															__eflags = _v36 ^ _t894;
															return E008E249D(_v36 ^ _t894);
														} else {
															_t572 = _t861;
															_t834 = _t834 - _t861 & 0xfffffffe;
															__eflags = _t834 - 0x1000;
															if(_t834 < 0x1000) {
																L133:
																_push(_t834);
																E008E25FF(_t861);
																_t809 = _v44;
																_t913 = _t913 + 8;
																__eflags = _t809 - 8;
																if(_t809 < 8) {
																	L137:
																	goto L138;
																} else {
																	_t725 = _v64;
																	_t801 = 2 + _t809 * 2;
																	_t574 = _t725;
																	__eflags = _t801 - 0x1000;
																	if(_t801 < 0x1000) {
																		L136:
																		_push(_t801);
																		E008E25FF(_t725);
																		goto L137;
																	} else {
																		_t725 =  *(_t725 - 4);
																		_t801 = _t801 + 0x23;
																		__eflags = _t574 - _t725 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L146;
																		} else {
																			goto L136;
																		}
																	}
																}
															} else {
																_t861 =  *(_t861 - 4);
																_t834 = _t834 + 0x23;
																__eflags = _t572 - _t861 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L146;
																} else {
																	goto L133;
																}
															}
														}
													}
												}
											}
										}
									} else {
										__eflags = _t450 - 0x7fffffff;
										if(_t450 > 0x7fffffff) {
											L147:
											L189();
											goto L148;
										} else {
											_t834 = _t450 + _t450;
											__eflags = _t834 - 0x1000;
											if(_t834 < 0x1000) {
												__eflags = _t834;
												if(__eflags == 0) {
													_t861 = 0;
													__eflags = 0;
												} else {
													_t585 = E008E25CF( &_v1436, 0, __eflags, _t834);
													_t913 = _t913 + 4;
													_t861 = _t585;
												}
												goto L119;
											} else {
												_t240 = _t834 + 0x23; // 0x23
												_t586 = _t240;
												__eflags = _t240 - _t834;
												if(__eflags <= 0) {
													L148:
													E008E10B0();
													asm("int3");
													asm("int3");
													_push(_t861);
													_t863 = _t725;
													_t462 =  *_t863;
													__eflags = _t462;
													if(_t462 == 0) {
														L154:
														return _t462;
													} else {
														_t728 = _t863[2] - _t462 & 0xfffffffe;
														__eflags = _t728 - 0x1000;
														if(_t728 < 0x1000) {
															L153:
															_push(_t728);
															_t462 = E008E25FF(_t462);
															 *_t863 = 0;
															_t863[1] = 0;
															_t863[2] = 0;
															goto L154;
														} else {
															_t802 =  *(_t462 - 4);
															_t728 = _t728 + 0x23;
															__eflags = _t462 - _t802 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																E008E5D27(_t702, _t728, _t802, _t834, __eflags);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t863);
																_t865 = _t728;
																_t729 =  *(_t865 + 0x14);
																__eflags = _t729 - 8;
																if(_t729 < 8) {
																	L161:
																	__eflags = 0;
																	 *(_t865 + 0x10) = 0;
																	 *(_t865 + 0x14) = 7;
																	 *_t865 = 0;
																	return 0;
																} else {
																	_t467 =  *_t865;
																	_t730 = 2 + _t729 * 2;
																	__eflags = _t730 - 0x1000;
																	if(_t730 < 0x1000) {
																		L160:
																		_push(_t730);
																		E008E25FF(_t467);
																		goto L161;
																	} else {
																		_t803 =  *((intOrPtr*)(_t467 - 4));
																		_t730 = _t730 + 0x23;
																		__eflags = _t467 - _t803 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			E008E5D27(_t702, _t730, _t803, _t834, __eflags);
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			_push(_t894);
																			_t896 = _t913;
																			_t919 = _t913 - 0xc;
																			_t472 = _v1532;
																			_t804 = _v1536;
																			_push(_t702);
																			_push(_t865);
																			_push(_t834);
																			_t836 = _t730;
																			_v1552 = _v1536;
																			_v1548 = _t472;
																			_t731 =  *(_t836 + 0x14);
																			_v1556 = _t731;
																			__eflags = _t472 - _t731;
																			if(_t472 > _t731) {
																				__eflags = _t472 - 0x7ffffffe;
																				if(__eflags > 0) {
																					L187:
																					E008E1150(_t702, _t836, _t865, __eflags);
																					goto L188;
																				} else {
																					_t881 = _t472 | 0x00000007;
																					__eflags = _t881 - 0x7ffffffe;
																					if(_t881 <= 0x7ffffffe) {
																						_t804 = _t731 >> 1;
																						__eflags = _t731 - 0x7ffffffe - _t804;
																						if(_t731 <= 0x7ffffffe - _t804) {
																							_t537 = _t804 + _t731;
																							__eflags = _t881 - _t537;
																							_t865 =  <  ? _t537 : _t881;
																							_t326 = _t865 + 1; // 0x112d3ebd
																							_t538 = _t326;
																							__eflags = _t538 - 0x7fffffff;
																							if(_t538 > 0x7fffffff) {
																								goto L186;
																							} else {
																								_t540 = _t538 + _t538;
																								__eflags = _t540 - 0x1000;
																								if(_t540 < 0x1000) {
																									__eflags = _t540;
																									if(__eflags == 0) {
																										_t702 = 0;
																										__eflags = 0;
																									} else {
																										_t550 = E008E25CF(_t731, _t865, __eflags, _t540);
																										_t919 = _t919 + 4;
																										_t702 = _t550;
																									}
																									goto L180;
																								} else {
																									goto L174;
																								}
																							}
																						} else {
																							_t865 = 0x7ffffffe;
																							_t540 = 0xfffffffe;
																							goto L174;
																						}
																					} else {
																						_t865 = 0x7ffffffe;
																						_t540 = 0xfffffffe;
																						L174:
																						_t327 = _t540 + 0x23; // 0x100000021
																						_t731 = _t327;
																						__eflags = _t731 - _t540;
																						if(__eflags <= 0) {
																							L186:
																							E008E10B0();
																							goto L187;
																						} else {
																							_t551 = E008E25CF(_t731, _t865, __eflags, _t731);
																							_t919 = _t919 + 4;
																							__eflags = _t551;
																							if(__eflags == 0) {
																								L188:
																								E008E5D27(_t702, _t731, _t804, _t836, __eflags);
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push("vector too long");
																								E008E247D();
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push(_t896);
																								_t897 = _t919;
																								_t920 = _t919 - 0x10;
																								_t805 = _v1560;
																								_push(_t702);
																								_t704 = _t731;
																								_v1584 = _v1548;
																								_t732 = 0x7ffffffe;
																								_push(_t865);
																								_t867 =  *(_t704 + 0x10);
																								_v1576 = _t867;
																								_push(_t836);
																								__eflags = 0x7ffffffe - _t867 - _t805;
																								if(__eflags < 0) {
																									L211:
																									E008E1150(_t704, _t836, _t867, __eflags);
																									goto L212;
																								} else {
																									_t836 =  *(_t704 + 0x14);
																									_t512 = _t867 + _t805;
																									_v28 = _t512;
																									_t874 = _t512 | 0x00000007;
																									_v36 = _t836;
																									__eflags = _t874 - 0x7ffffffe;
																									if(__eflags <= 0) {
																										_t514 = _t836 >> 1;
																										__eflags = _t836 - 0x7ffffffe - _t514;
																										if(__eflags <= 0) {
																											_t515 = _t514 + _t836;
																											__eflags = _t874 - _t515;
																											_t867 =  <  ? _t515 : _t874;
																											__eflags = _t867;
																										} else {
																											_t867 = 0x7ffffffe;
																										}
																									} else {
																										_t867 = 0x7ffffffe;
																									}
																									_t732 =  ~(0 | __eflags > 0x00000000) | _t867 + 0x00000001;
																									__eflags = _t732 - 0x7fffffff;
																									if(_t732 > 0x7fffffff) {
																										L210:
																										E008E10B0();
																										goto L211;
																									} else {
																										_t732 = _t732 + _t732;
																										__eflags = _t732 - 0x1000;
																										if(_t732 < 0x1000) {
																											__eflags = _t732;
																											if(__eflags == 0) {
																												_t836 = 0;
																												__eflags = 0;
																											} else {
																												_t532 = E008E25CF(_t732, _t867, __eflags, _t732);
																												_t920 = _t920 + 4;
																												_t836 = _t532;
																											}
																											goto L204;
																										} else {
																											_t351 = _t732 + 0x23; // 0x23
																											_t533 = _t351;
																											__eflags = _t351 - _t732;
																											if(__eflags <= 0) {
																												goto L210;
																											} else {
																												_t534 = E008E25CF(_t732, _t867, __eflags, _t533);
																												_t920 = _t920 + 4;
																												__eflags = _t534;
																												if(__eflags == 0) {
																													L212:
																													E008E5D27(_t704, _t732, _t805, _t836, __eflags);
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													_push(_t897);
																													_t921 = _t920 - 0x10;
																													_t806 = _v1572;
																													_push(_t704);
																													_t705 = _t732;
																													_t733 = 0x7ffffffe;
																													_push(_t867);
																													_push(_t836);
																													_t868 =  *(_t705 + 0x10);
																													_v1584 = _t868;
																													__eflags = 0x7ffffffe - _t868 - _t806;
																													if(__eflags < 0) {
																														L234:
																														E008E1150(_t705, _t836, _t868, __eflags);
																														goto L235;
																													} else {
																														_t486 = _t868 + _t806;
																														_t868 =  *(_t705 + 0x14);
																														_v36 = _t486;
																														_t838 = _t486 | 0x00000007;
																														_v40 = _t868;
																														__eflags = _t838 - 0x7ffffffe;
																														if(__eflags <= 0) {
																															_t488 = _t868 >> 1;
																															__eflags = _t868 - 0x7ffffffe - _t488;
																															if(__eflags <= 0) {
																																_t489 = _t488 + _t868;
																																__eflags = _t838 - _t489;
																																_t836 =  <  ? _t489 : _t838;
																															} else {
																																_t836 = 0x7ffffffe;
																															}
																														} else {
																															_t836 = 0x7ffffffe;
																														}
																														_t733 =  ~(0 | __eflags > 0x00000000) | _t836 + 0x00000001;
																														__eflags = _t733 - 0x7fffffff;
																														if(_t733 > 0x7fffffff) {
																															L233:
																															E008E10B0();
																															goto L234;
																														} else {
																															_t733 = _t733 + _t733;
																															__eflags = _t733 - 0x1000;
																															if(_t733 < 0x1000) {
																																__eflags = _t733;
																																if(__eflags == 0) {
																																	_t869 = 0;
																																	__eflags = 0;
																																} else {
																																	_t509 = E008E25CF(_t733, _t868, __eflags, _t733);
																																	_t921 = _t921 + 4;
																																	_t869 = _t509;
																																}
																																goto L227;
																															} else {
																																_t384 = _t733 + 0x23; // 0x23
																																_t510 = _t384;
																																__eflags = _t384 - _t733;
																																if(__eflags <= 0) {
																																	goto L233;
																																} else {
																																	_t511 = E008E25CF(_t733, _t868, __eflags, _t510);
																																	_t921 = _t921 + 4;
																																	__eflags = _t511;
																																	if(__eflags == 0) {
																																		L235:
																																		E008E5D27(_t705, _t733, _t806, _t836, __eflags);
																																		asm("int3");
																																		 *(_t733 + 4) =  *(_t733 + 4) & 0x00000000;
																																		_t414 = _t733 + 8;
																																		 *_t414 =  *(_t733 + 8) & 0x00000000;
																																		__eflags =  *_t414;
																																		 *(_t733 + 4) = "bad allocation";
																																		 *_t733 = 0x8ef190;
																																		return _t733;
																																	} else {
																																		_t385 = _t511 + 0x23; // 0x23
																																		_t869 = _t385 & 0xffffffe0;
																																		 *(_t869 - 4) = _t511;
																																		L227:
																																		 *(_t705 + 0x10) = _v36;
																																		 *(_t705 + 0x14) = _t836;
																																		_t738 = _v32 + _v32;
																																		_t495 = _v8;
																																		_v36 = _t738 + _t869;
																																		_push(_t738);
																																		_t839 = _t495 + _t495;
																																		__eflags = _v40 - 8;
																																		_v44 = _t495 + _t495;
																																		_v32 = _t869 + (_t495 + _v32) * 2;
																																		if(_v40 < 8) {
																																			_push(_t705);
																																			_push(_t869);
																																			E008E5440();
																																			E008E5440(_v36, L"BWInstaller.exe", _t839);
																																			__eflags = 0;
																																			 *_v32 = 0;
																																			 *_t705 = _t869;
																																			return _t705;
																																		} else {
																																			_t841 =  *_t705;
																																			_push(_t841);
																																			_push(_t869);
																																			E008E5440();
																																			E008E5440(_v36, L"BWInstaller.exe", _v44);
																																			 *_v32 = 0;
																																			_t741 = 2 + _v40 * 2;
																																			__eflags = _t741 - 0x1000;
																																			if(_t741 < 0x1000) {
																																				L231:
																																				_push(_t741);
																																				E008E25FF(_t841);
																																				 *_t705 = _t869;
																																				return _t705;
																																			} else {
																																				_t806 =  *((intOrPtr*)(_t841 - 4));
																																				_t733 = _t741 + 0x23;
																																				_t409 = _t841 - _t806 - 4; // 0x7ffffffa
																																				__eflags = _t409 - 0x1f;
																																				if(__eflags > 0) {
																																					goto L235;
																																				} else {
																																					_t841 = _t806;
																																					goto L231;
																																				}
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												} else {
																													_t352 = _t534 + 0x23; // 0x23
																													_t836 = _t352 & 0xffffffe0;
																													 *(_t836 - 4) = _t534;
																													L204:
																													 *(_t704 + 0x10) = _v28;
																													_t521 = _v0 + _v0;
																													 *(_t704 + 0x14) = _t867;
																													__eflags = _v36 - 8;
																													_push(_t521);
																													_push(_v40);
																													_t876 = 2 + _v32 * 2;
																													_v28 = _t521 + _t836;
																													_push(_t836);
																													if(_v36 < 8) {
																														E008E5440();
																														E008E5440(_v28, _t704, _t876);
																														 *_t704 = _t836;
																														return _t704;
																													} else {
																														_t878 =  *_t704;
																														E008E5440();
																														E008E5440(_v28, _t878, 2 + _v32 * 2);
																														_t920 = _t920 + 0x18;
																														_t748 = 2 + _v36 * 2;
																														__eflags = _t748 - 0x1000;
																														if(_t748 < 0x1000) {
																															L208:
																															_push(_t748);
																															E008E25FF(_t878);
																															 *_t704 = _t836;
																															return _t704;
																														} else {
																															_t805 =  *((intOrPtr*)(_t878 - 4));
																															_t732 = _t748 + 0x23;
																															_t867 = _t878 - _t805;
																															__eflags = _t867 - 4 - 0x1f;
																															if(__eflags > 0) {
																																goto L212;
																															} else {
																																_t878 = _t805;
																																goto L208;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							} else {
																								_t328 = _t551 + 0x23; // 0x23
																								_t702 = _t328 & 0xffffffe0;
																								 *(_t702 - 4) = _t551;
																								L180:
																								_t541 = _v24;
																								 *(_t836 + 0x14) = _t865;
																								 *(_t836 + 0x10) = _t541;
																								_t865 = _t541 + _t541;
																								E008E5440(_t702, _v28, _t865);
																								_t919 = _t919 + 0xc;
																								 *((short*)(_t865 + _t702)) = 0;
																								_t544 = _v32;
																								__eflags = _t544 - 8;
																								if(_t544 < 8) {
																									L185:
																									 *_t836 = _t702;
																									return _t836;
																								} else {
																									_t749 = 2 + _t544 * 2;
																									_t546 =  *_t836;
																									__eflags = _t749 - 0x1000;
																									if(_t749 < 0x1000) {
																										L184:
																										_push(_t749);
																										E008E25FF(_t546);
																										goto L185;
																									} else {
																										_t804 =  *(_t546 - 4);
																										_t731 = _t749 + 0x23;
																										__eflags = _t546 - _t804 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											goto L188;
																										} else {
																											_t546 = _t804;
																											goto L184;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t712 = _t836;
																				__eflags = _t731 - 8;
																				if(_t731 >= 8) {
																					_t712 =  *_t836;
																				}
																				_t883 = _t472 + _t472;
																				 *(_t836 + 0x10) = _t472;
																				E008E4D80(_t712, _t804, _t883);
																				__eflags = 0;
																				 *((short*)(_t883 + _t712)) = 0;
																				return _t836;
																			}
																		} else {
																			_t467 = _t803;
																			goto L160;
																		}
																	}
																}
															} else {
																_t462 = _t802;
																goto L153;
															}
														}
													}
												} else {
													_t587 = E008E25CF( &_v1436, 0, __eflags, _t586);
													_t913 = _t913 + 4;
													__eflags = _t587;
													if(__eflags == 0) {
														L146:
														E008E5D27(_t702, _t725, _t801, _t834, __eflags);
														goto L147;
													} else {
														_t241 = _t587 + 0x23; // 0x23
														_t861 = _t241 & 0xffffffe0;
														 *(_t861 - 4) = _t587;
														L119:
														_t581 = _t861 + _t834;
														_t834 = _t581;
														_v84 = _t581;
														_v100 = _t861;
														_v76 = _t861;
														_v68 = _t834;
														E008E3900(_t834, _t861, 0, _v88 + _v88);
														_v96 = _t861;
														_t913 = _t913 + 0xc;
														_v72 = _t834;
														goto L120;
													}
												}
											}
										}
									}
								} else {
									goto L26;
								}
							}
						}
					} else {
						_t700 = RegQueryValueExW(_v1244, L"Release", 0,  &(_v1212.dwXCountChars),  &_v272,  &(_v1212.dwYSize)); // executed
						if(_t700 != 0) {
							goto L65;
						} else {
							goto L4;
						}
					}
				}
			}





























































































































































































































































                                                      0x008e1150
                                                      0x008e1150
                                                      0x008e1150
                                                      0x008e1155
                                                      0x008e115a
                                                      0x008e115b
                                                      0x008e115c
                                                      0x008e115d
                                                      0x008e115e
                                                      0x008e115f
                                                      0x008e1161
                                                      0x008e1166
                                                      0x008e116c
                                                      0x008e1173
                                                      0x008e117a
                                                      0x008e117b
                                                      0x008e1188
                                                      0x008e1196
                                                      0x008e11a1
                                                      0x008e11a6
                                                      0x008e11a9
                                                      0x008e11bd
                                                      0x008e11d8
                                                      0x008e11dc
                                                      0x008e18b3
                                                      0x008e18b3
                                                      0x008e18b9
                                                      0x008e18be
                                                      0x00000000
                                                      0x008e18c4
                                                      0x008e18cb
                                                      0x008e18d0
                                                      0x008e18d8
                                                      0x008e18df
                                                      0x008e18e5
                                                      0x008e18e9
                                                      0x008e1907
                                                      0x008e1907
                                                      0x008e1907
                                                      0x008e1910
                                                      0x008e1918
                                                      0x008e191a
                                                      0x008e191c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1922
                                                      0x008e1926
                                                      0x008e1927
                                                      0x008e192a
                                                      0x00000000
                                                      0x008e192c
                                                      0x008e192c
                                                      0x008e1930
                                                      0x008e1932
                                                      0x008e1939
                                                      0x008e193e
                                                      0x008e1946
                                                      0x008e1948
                                                      0x008e1948
                                                      0x008e194c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e194e
                                                      0x008e1951
                                                      0x008e1951
                                                      0x008e1954
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1954
                                                      0x008e1956
                                                      0x008e1958
                                                      0x00000000
                                                      0x008e195a
                                                      0x008e195f
                                                      0x008e1965
                                                      0x008e1969
                                                      0x008e196c
                                                      0x00000000
                                                      0x008e196e
                                                      0x008e1971
                                                      0x008e197d
                                                      0x008e1987
                                                      0x008e198f
                                                      0x008e198f
                                                      0x008e1991
                                                      0x008e19a0
                                                      0x008e19a2
                                                      0x008e19a4
                                                      0x00000000
                                                      0x00000000
                                                      0x008e19a6
                                                      0x008e19a7
                                                      0x008e19aa
                                                      0x00000000
                                                      0x008e19ac
                                                      0x008e19ac
                                                      0x008e19ac
                                                      0x00000000
                                                      0x008e19aa
                                                      0x008e19bd
                                                      0x008e19bd
                                                      0x008e196c
                                                      0x008e1958
                                                      0x00000000
                                                      0x008e192a
                                                      0x008e19ca
                                                      0x008e18eb
                                                      0x008e18eb
                                                      0x008e18f2
                                                      0x008e18f6
                                                      0x008e18f8
                                                      0x00000000
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18f8
                                                      0x008e19ce
                                                      0x008e19ce
                                                      0x008e19d6
                                                      0x008e19dd
                                                      0x008e19e1
                                                      0x008e19fc
                                                      0x008e19fc
                                                      0x008e19fc
                                                      0x008e1a00
                                                      0x008e1a08
                                                      0x008e1a0a
                                                      0x008e1a0c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a12
                                                      0x008e1a16
                                                      0x008e1a17
                                                      0x008e1a1a
                                                      0x00000000
                                                      0x008e1a1c
                                                      0x008e1a1c
                                                      0x008e1a20
                                                      0x008e1a22
                                                      0x008e1a29
                                                      0x008e1a2b
                                                      0x008e1a33
                                                      0x008e1a38
                                                      0x008e1a38
                                                      0x008e1a3c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a3e
                                                      0x008e1a41
                                                      0x008e1a41
                                                      0x008e1a44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a44
                                                      0x008e1a46
                                                      0x008e1a48
                                                      0x008e1a9c
                                                      0x008e1a9c
                                                      0x008e1a4a
                                                      0x008e1a4f
                                                      0x008e1a55
                                                      0x008e1a59
                                                      0x008e1a5c
                                                      0x00000000
                                                      0x008e1a5e
                                                      0x008e1a61
                                                      0x008e1a6d
                                                      0x008e1a77
                                                      0x008e1a7f
                                                      0x008e1a7f
                                                      0x008e1a81
                                                      0x008e1a90
                                                      0x008e1a92
                                                      0x008e1a94
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a96
                                                      0x008e1a97
                                                      0x008e1a9a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a9a
                                                      0x00000000
                                                      0x008e1a81
                                                      0x008e1a5c
                                                      0x008e1a48
                                                      0x00000000
                                                      0x008e1a1a
                                                      0x008e1aa3
                                                      0x008e1aa3
                                                      0x008e19e3
                                                      0x008e19e3
                                                      0x008e19ea
                                                      0x008e19ee
                                                      0x008e19f0
                                                      0x00000000
                                                      0x008e19f2
                                                      0x008e19f2
                                                      0x008e19f2
                                                      0x008e19f0
                                                      0x008e1aaa
                                                      0x008e1ab9
                                                      0x008e1ab9
                                                      0x008e1abc
                                                      0x008e1acd
                                                      0x008e1acd
                                                      0x008e1ad3
                                                      0x008e1ada
                                                      0x008e1add
                                                      0x00000000
                                                      0x008e1adf
                                                      0x008e1adf
                                                      0x008e1ae6
                                                      0x008e1aed
                                                      0x008e1aef
                                                      0x008e1af5
                                                      0x00000000
                                                      0x008e1af7
                                                      0x008e1af7
                                                      0x008e1afa
                                                      0x008e1b02
                                                      0x008e1b05
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1b05
                                                      0x008e1af5
                                                      0x008e1add
                                                      0x008e11e2
                                                      0x008e11f1
                                                      0x008e11f5
                                                      0x008e122b
                                                      0x008e122d
                                                      0x008e1238
                                                      0x008e1239
                                                      0x008e1245
                                                      0x008e1250
                                                      0x008e1258
                                                      0x008e126c
                                                      0x008e1271
                                                      0x008e1283
                                                      0x008e128b
                                                      0x008e1293
                                                      0x008e129a
                                                      0x008e12a2
                                                      0x008e12a7
                                                      0x008e12aa
                                                      0x008e12b0
                                                      0x008e12b0
                                                      0x008e12b3
                                                      0x008e12b6
                                                      0x008e12c6
                                                      0x008e12c7
                                                      0x008e12cc
                                                      0x008e12da
                                                      0x008e12de
                                                      0x008e12e5
                                                      0x008e139c
                                                      0x008e139c
                                                      0x008e139c
                                                      0x008e12eb
                                                      0x008e12fa
                                                      0x008e12ff
                                                      0x008e1302
                                                      0x008e1310
                                                      0x008e1310
                                                      0x008e1316
                                                      0x00000000
                                                      0x00000000
                                                      0x008e131b
                                                      0x008e131e
                                                      0x008e132c
                                                      0x00000000
                                                      0x008e132e
                                                      0x008e132e
                                                      0x008e1336
                                                      0x008e1339
                                                      0x008e1340
                                                      0x008e1340
                                                      0x008e1346
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1354
                                                      0x00000000
                                                      0x008e1356
                                                      0x008e1356
                                                      0x00000000
                                                      0x008e1356
                                                      0x00000000
                                                      0x008e1354
                                                      0x008e1396
                                                      0x008e1398
                                                      0x008e1398
                                                      0x00000000
                                                      0x008e132c
                                                      0x008e135b
                                                      0x008e135b
                                                      0x008e135e
                                                      0x008e1361
                                                      0x008e1363
                                                      0x008e1366
                                                      0x008e1370
                                                      0x008e1370
                                                      0x008e1370
                                                      0x008e1373
                                                      0x008e1378
                                                      0x008e1380
                                                      0x008e1380
                                                      0x008e1383
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1385
                                                      0x008e1388
                                                      0x008e1388
                                                      0x008e138b
                                                      0x00000000
                                                      0x008e138d
                                                      0x008e138d
                                                      0x008e138f
                                                      0x00000000
                                                      0x008e1391
                                                      0x008e1391
                                                      0x00000000
                                                      0x008e1391
                                                      0x008e138f
                                                      0x00000000
                                                      0x008e138b
                                                      0x00000000
                                                      0x008e1380
                                                      0x008e1370
                                                      0x008e139f
                                                      0x008e139f
                                                      0x008e13a3
                                                      0x008e13a6
                                                      0x008e13db
                                                      0x008e13db
                                                      0x008e13dd
                                                      0x008e13e5
                                                      0x008e13ec
                                                      0x008e13f4
                                                      0x008e13f9
                                                      0x008e1400
                                                      0x008e1400
                                                      0x008e1403
                                                      0x008e1406
                                                      0x008e1406
                                                      0x008e1416
                                                      0x008e1417
                                                      0x008e141c
                                                      0x008e1423
                                                      0x008e142b
                                                      0x008e1433
                                                      0x008e143c
                                                      0x008e1441
                                                      0x008e1446
                                                      0x008e1447
                                                      0x008e144c
                                                      0x008e144d
                                                      0x008e1455
                                                      0x008e145a
                                                      0x008e1461
                                                      0x008e1464
                                                      0x008e149c
                                                      0x008e149c
                                                      0x008e14a1
                                                      0x008e14a5
                                                      0x008e14ad
                                                      0x008e14b3
                                                      0x008e14bc
                                                      0x008e14bf
                                                      0x008e14f4
                                                      0x008e14f4
                                                      0x008e14f8
                                                      0x008e1500
                                                      0x008e1509
                                                      0x008e1511
                                                      0x008e1516
                                                      0x008e151b
                                                      0x008e152b
                                                      0x008e1530
                                                      0x008e1534
                                                      0x008e1536
                                                      0x008e153a
                                                      0x008e153e
                                                      0x008e1540
                                                      0x008e15ee
                                                      0x008e15ef
                                                      0x008e15f0
                                                      0x008e15f1
                                                      0x008e15fd
                                                      0x008e1604
                                                      0x008e1605
                                                      0x008e1546
                                                      0x008e1546
                                                      0x008e154e
                                                      0x008e1556
                                                      0x008e155b
                                                      0x008e155e
                                                      0x008e1565
                                                      0x008e1569
                                                      0x008e156d
                                                      0x008e1574
                                                      0x008e1576
                                                      0x008e158f
                                                      0x008e158f
                                                      0x008e1578
                                                      0x008e157b
                                                      0x008e157d
                                                      0x00000000
                                                      0x008e157f
                                                      0x008e157f
                                                      0x008e1581
                                                      0x008e158b
                                                      0x008e1583
                                                      0x008e1583
                                                      0x008e1583
                                                      0x008e1581
                                                      0x008e157d
                                                      0x008e15a7
                                                      0x008e15af
                                                      0x008e15bb
                                                      0x008e15e0
                                                      0x008e15e5
                                                      0x008e15e8
                                                      0x008e15e8
                                                      0x008e160a
                                                      0x008e160f
                                                      0x008e1614
                                                      0x008e1619
                                                      0x008e161f
                                                      0x008e1626
                                                      0x008e162d
                                                      0x008e1630
                                                      0x008e1636
                                                      0x008e163a
                                                      0x008e163c
                                                      0x008e163f
                                                      0x008e1673
                                                      0x008e1675
                                                      0x008e1676
                                                      0x008e1682
                                                      0x008e1689
                                                      0x008e168b
                                                      0x008e1641
                                                      0x008e1641
                                                      0x008e164a
                                                      0x008e164f
                                                      0x008e1657
                                                      0x008e165f
                                                      0x008e1664
                                                      0x008e1669
                                                      0x008e166d
                                                      0x008e166d
                                                      0x008e1690
                                                      0x008e1695
                                                      0x008e169d
                                                      0x008e16a2
                                                      0x008e16ab
                                                      0x008e16b2
                                                      0x008e16b9
                                                      0x008e16bc
                                                      0x008e16c0
                                                      0x008e16c3
                                                      0x008e16f8
                                                      0x008e16f8
                                                      0x008e16fe
                                                      0x008e1706
                                                      0x008e170e
                                                      0x008e1713
                                                      0x008e1716
                                                      0x008e174b
                                                      0x008e174b
                                                      0x008e1762
                                                      0x008e1776
                                                      0x008e1780
                                                      0x008e178f
                                                      0x008e1798
                                                      0x008e17a1
                                                      0x008e17aa
                                                      0x008e17b3
                                                      0x008e17bc
                                                      0x008e17c5
                                                      0x008e17ce
                                                      0x008e17d7
                                                      0x008e17df
                                                      0x008e17ee
                                                      0x008e17fb
                                                      0x008e1801
                                                      0x008e180a
                                                      0x008e180c
                                                      0x008e1813
                                                      0x008e1816
                                                      0x008e184e
                                                      0x008e184e
                                                      0x008e1857
                                                      0x008e1862
                                                      0x008e186d
                                                      0x008e1875
                                                      0x008e1878
                                                      0x008e1b11
                                                      0x008e1b1c
                                                      0x008e1b26
                                                      0x008e187e
                                                      0x008e187e
                                                      0x008e1885
                                                      0x008e188c
                                                      0x008e188e
                                                      0x008e1894
                                                      0x008e1b07
                                                      0x008e1b07
                                                      0x008e1b09
                                                      0x008e1b0e
                                                      0x00000000
                                                      0x008e189a
                                                      0x008e189a
                                                      0x008e189d
                                                      0x008e18a5
                                                      0x008e18a8
                                                      0x00000000
                                                      0x008e18ae
                                                      0x00000000
                                                      0x008e18ae
                                                      0x008e18a8
                                                      0x008e1894
                                                      0x008e1818
                                                      0x008e1818
                                                      0x008e181f
                                                      0x008e1826
                                                      0x008e1828
                                                      0x008e182e
                                                      0x008e1844
                                                      0x008e1844
                                                      0x008e1846
                                                      0x008e184b
                                                      0x00000000
                                                      0x008e1830
                                                      0x008e1830
                                                      0x008e1833
                                                      0x008e183b
                                                      0x008e183e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e183e
                                                      0x008e182e
                                                      0x008e1718
                                                      0x008e1718
                                                      0x008e171c
                                                      0x008e1723
                                                      0x008e1725
                                                      0x008e172b
                                                      0x008e1741
                                                      0x008e1741
                                                      0x008e1743
                                                      0x008e1748
                                                      0x00000000
                                                      0x008e172d
                                                      0x008e172d
                                                      0x008e1730
                                                      0x008e1738
                                                      0x008e173b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e173b
                                                      0x008e172b
                                                      0x008e16c5
                                                      0x008e16c5
                                                      0x008e16c9
                                                      0x008e16d0
                                                      0x008e16d2
                                                      0x008e16d8
                                                      0x008e16ee
                                                      0x008e16ee
                                                      0x008e16f0
                                                      0x008e16f5
                                                      0x00000000
                                                      0x008e16da
                                                      0x008e16da
                                                      0x008e16dd
                                                      0x008e16e5
                                                      0x008e16e8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e16e8
                                                      0x008e16d8
                                                      0x008e14c1
                                                      0x008e14c1
                                                      0x008e14c5
                                                      0x008e14cc
                                                      0x008e14ce
                                                      0x008e14d4
                                                      0x008e14ea
                                                      0x008e14ea
                                                      0x008e14ec
                                                      0x008e14f1
                                                      0x00000000
                                                      0x008e14d6
                                                      0x008e14d6
                                                      0x008e14d9
                                                      0x008e14e1
                                                      0x008e14e4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e14e4
                                                      0x008e14d4
                                                      0x008e1466
                                                      0x008e1466
                                                      0x008e146d
                                                      0x008e1474
                                                      0x008e1476
                                                      0x008e147c
                                                      0x008e1492
                                                      0x008e1492
                                                      0x008e1494
                                                      0x008e1499
                                                      0x00000000
                                                      0x008e147e
                                                      0x008e147e
                                                      0x008e1481
                                                      0x008e1489
                                                      0x008e148c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e148c
                                                      0x008e147c
                                                      0x008e13a8
                                                      0x008e13a8
                                                      0x008e13ac
                                                      0x008e13b3
                                                      0x008e13b5
                                                      0x008e13bb
                                                      0x008e13d1
                                                      0x008e13d1
                                                      0x008e13d3
                                                      0x008e13d8
                                                      0x00000000
                                                      0x008e13bd
                                                      0x008e13bd
                                                      0x008e13c0
                                                      0x008e13c8
                                                      0x008e13cb
                                                      0x008e1b29
                                                      0x008e1b2e
                                                      0x008e1b2e
                                                      0x008e1b33
                                                      0x008e1b33
                                                      0x008e1b38
                                                      0x008e1b38
                                                      0x008e1b3d
                                                      0x008e1b3e
                                                      0x008e1b3f
                                                      0x008e1b41
                                                      0x008e1b49
                                                      0x008e1b50
                                                      0x008e1b54
                                                      0x008e1b65
                                                      0x008e1b68
                                                      0x008e1b6d
                                                      0x008e1b6f
                                                      0x008e1b78
                                                      0x008e1b7e
                                                      0x008e1b80
                                                      0x008e1b83
                                                      0x008e1b86
                                                      0x008e1b8e
                                                      0x008e1b9b
                                                      0x008e1ba2
                                                      0x008e1ba9
                                                      0x008e1bb0
                                                      0x008e1bb4
                                                      0x008e1bbc
                                                      0x008e1bcc
                                                      0x008e1bd4
                                                      0x008e1bdb
                                                      0x008e1bde
                                                      0x008e1be1
                                                      0x008e1be6
                                                      0x008e1be8
                                                      0x008e1beb
                                                      0x008e1bed
                                                      0x008e1bf0
                                                      0x008e1bf3
                                                      0x008e1bf6
                                                      0x008e1bf9
                                                      0x008e1bfc
                                                      0x008e1bff
                                                      0x008e1c01
                                                      0x008e1c7e
                                                      0x008e1c81
                                                      0x008e1c87
                                                      0x008e1c8d
                                                      0x008e1c93
                                                      0x008e1c95
                                                      0x008e1dfa
                                                      0x008e1dfa
                                                      0x008e1dff
                                                      0x008e1e01
                                                      0x008e1e06
                                                      0x008e1e0d
                                                      0x008e1e14
                                                      0x008e1e19
                                                      0x008e1e1e
                                                      0x008e1e20
                                                      0x008e1e4b
                                                      0x008e1e4b
                                                      0x008e1e4e
                                                      0x008e1e51
                                                      0x00000000
                                                      0x008e1e53
                                                      0x008e1e53
                                                      0x008e1e56
                                                      0x008e1e5d
                                                      0x008e1e5f
                                                      0x008e1e65
                                                      0x00000000
                                                      0x008e1e6b
                                                      0x008e1e6b
                                                      0x008e1e6e
                                                      0x008e1e76
                                                      0x008e1e79
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1e79
                                                      0x008e1e65
                                                      0x008e1e22
                                                      0x008e1e24
                                                      0x008e1e26
                                                      0x008e1e29
                                                      0x008e1e2f
                                                      0x008e1e41
                                                      0x008e1e41
                                                      0x008e1e43
                                                      0x008e1e48
                                                      0x00000000
                                                      0x008e1e31
                                                      0x008e1e31
                                                      0x008e1e34
                                                      0x008e1e3c
                                                      0x008e1e3f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1e3f
                                                      0x008e1e2f
                                                      0x008e1c9b
                                                      0x008e1c9e
                                                      0x008e1ca1
                                                      0x008e1ca1
                                                      0x008e1ca5
                                                      0x00000000
                                                      0x008e1cab
                                                      0x008e1cab
                                                      0x008e1caf
                                                      0x00000000
                                                      0x008e1cb5
                                                      0x008e1cb5
                                                      0x008e1cba
                                                      0x008e1cc0
                                                      0x008e1cc0
                                                      0x008e1cc3
                                                      0x008e1cc6
                                                      0x008e1cc6
                                                      0x008e1cd0
                                                      0x008e1cd1
                                                      0x008e1cd5
                                                      0x008e1cda
                                                      0x008e1ce1
                                                      0x008e1ce7
                                                      0x008e1cea
                                                      0x008e1cf0
                                                      0x008e1cf6
                                                      0x008e1cf9
                                                      0x008e1cff
                                                      0x008e1d02
                                                      0x008e1d05
                                                      0x008e1d07
                                                      0x008e1d09
                                                      0x008e1d09
                                                      0x008e1d09
                                                      0x008e1d0c
                                                      0x008e1d10
                                                      0x008e1d19
                                                      0x008e1d1d
                                                      0x008e1d20
                                                      0x008e1d23
                                                      0x008e1d23
                                                      0x008e1d28
                                                      0x008e1d2b
                                                      0x008e1d2b
                                                      0x008e1d2e
                                                      0x008e1d32
                                                      0x00000000
                                                      0x008e1d38
                                                      0x008e1d38
                                                      0x008e1d3b
                                                      0x008e1d3d
                                                      0x008e1d41
                                                      0x008e1d45
                                                      0x008e1d4c
                                                      0x008e1d53
                                                      0x008e1d56
                                                      0x008e1d5b
                                                      0x008e1d60
                                                      0x008e1d67
                                                      0x008e1d6e
                                                      0x008e1d70
                                                      0x008e1ddc
                                                      0x008e1ddf
                                                      0x008e1dec
                                                      0x008e1df9
                                                      0x008e1d72
                                                      0x008e1d74
                                                      0x008e1d76
                                                      0x008e1d79
                                                      0x008e1d7f
                                                      0x008e1d95
                                                      0x008e1d95
                                                      0x008e1d97
                                                      0x008e1d9c
                                                      0x008e1d9f
                                                      0x008e1da2
                                                      0x008e1da5
                                                      0x008e1dd9
                                                      0x00000000
                                                      0x008e1da7
                                                      0x008e1da7
                                                      0x008e1daa
                                                      0x008e1db1
                                                      0x008e1db3
                                                      0x008e1db9
                                                      0x008e1dcf
                                                      0x008e1dcf
                                                      0x008e1dd1
                                                      0x00000000
                                                      0x008e1dbb
                                                      0x008e1dbb
                                                      0x008e1dbe
                                                      0x008e1dc6
                                                      0x008e1dc9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1dc9
                                                      0x008e1db9
                                                      0x008e1d81
                                                      0x008e1d81
                                                      0x008e1d84
                                                      0x008e1d8c
                                                      0x008e1d8f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1d8f
                                                      0x008e1d7f
                                                      0x008e1d70
                                                      0x008e1d32
                                                      0x008e1caf
                                                      0x008e1ca5
                                                      0x008e1c03
                                                      0x008e1c03
                                                      0x008e1c08
                                                      0x008e1e84
                                                      0x008e1e84
                                                      0x00000000
                                                      0x008e1c0e
                                                      0x008e1c0e
                                                      0x008e1c11
                                                      0x008e1c17
                                                      0x008e1c40
                                                      0x008e1c42
                                                      0x008e1c51
                                                      0x008e1c51
                                                      0x008e1c44
                                                      0x008e1c45
                                                      0x008e1c4a
                                                      0x008e1c4d
                                                      0x008e1c4d
                                                      0x00000000
                                                      0x008e1c19
                                                      0x008e1c19
                                                      0x008e1c19
                                                      0x008e1c1c
                                                      0x008e1c1e
                                                      0x008e1e89
                                                      0x008e1e89
                                                      0x008e1e8e
                                                      0x008e1e8f
                                                      0x008e1e90
                                                      0x008e1e91
                                                      0x008e1e93
                                                      0x008e1e95
                                                      0x008e1e97
                                                      0x008e1ed9
                                                      0x008e1eda
                                                      0x008e1e99
                                                      0x008e1e9e
                                                      0x008e1ea1
                                                      0x008e1ea7
                                                      0x008e1ebb
                                                      0x008e1ebb
                                                      0x008e1ebd
                                                      0x008e1ec2
                                                      0x008e1ecb
                                                      0x008e1ed2
                                                      0x00000000
                                                      0x008e1ea9
                                                      0x008e1ea9
                                                      0x008e1eac
                                                      0x008e1eb4
                                                      0x008e1eb7
                                                      0x008e1edb
                                                      0x008e1ee0
                                                      0x008e1ee1
                                                      0x008e1ee2
                                                      0x008e1ee3
                                                      0x008e1ee4
                                                      0x008e1ee5
                                                      0x008e1ee6
                                                      0x008e1ee7
                                                      0x008e1ee8
                                                      0x008e1ee9
                                                      0x008e1eea
                                                      0x008e1eeb
                                                      0x008e1eec
                                                      0x008e1eed
                                                      0x008e1eee
                                                      0x008e1eef
                                                      0x008e1ef0
                                                      0x008e1ef1
                                                      0x008e1ef3
                                                      0x008e1ef6
                                                      0x008e1ef9
                                                      0x008e1f28
                                                      0x008e1f28
                                                      0x008e1f2a
                                                      0x008e1f31
                                                      0x008e1f38
                                                      0x008e1f3c
                                                      0x008e1efb
                                                      0x008e1efb
                                                      0x008e1efd
                                                      0x008e1f04
                                                      0x008e1f0a
                                                      0x008e1f1e
                                                      0x008e1f1e
                                                      0x008e1f20
                                                      0x00000000
                                                      0x008e1f0c
                                                      0x008e1f0c
                                                      0x008e1f0f
                                                      0x008e1f17
                                                      0x008e1f1a
                                                      0x008e1f3d
                                                      0x008e1f42
                                                      0x008e1f43
                                                      0x008e1f44
                                                      0x008e1f45
                                                      0x008e1f46
                                                      0x008e1f47
                                                      0x008e1f48
                                                      0x008e1f49
                                                      0x008e1f4a
                                                      0x008e1f4b
                                                      0x008e1f4c
                                                      0x008e1f4d
                                                      0x008e1f4e
                                                      0x008e1f4f
                                                      0x008e1f50
                                                      0x008e1f51
                                                      0x008e1f53
                                                      0x008e1f56
                                                      0x008e1f59
                                                      0x008e1f5c
                                                      0x008e1f5d
                                                      0x008e1f5e
                                                      0x008e1f5f
                                                      0x008e1f61
                                                      0x008e1f64
                                                      0x008e1f67
                                                      0x008e1f6a
                                                      0x008e1f6d
                                                      0x008e1f6f
                                                      0x008e1f9c
                                                      0x008e1fa1
                                                      0x008e209a
                                                      0x008e209a
                                                      0x00000000
                                                      0x008e1fa7
                                                      0x008e1fa9
                                                      0x008e1fac
                                                      0x008e1fb2
                                                      0x008e1fc7
                                                      0x008e1fcb
                                                      0x008e1fcd
                                                      0x008e1fdb
                                                      0x008e1fde
                                                      0x008e1fe0
                                                      0x008e1fe3
                                                      0x008e1fe3
                                                      0x008e1fe6
                                                      0x008e1feb
                                                      0x00000000
                                                      0x008e1ff1
                                                      0x008e1ff1
                                                      0x008e1ff3
                                                      0x008e1ff8
                                                      0x008e2021
                                                      0x008e2023
                                                      0x008e2032
                                                      0x008e2032
                                                      0x008e2025
                                                      0x008e2026
                                                      0x008e202b
                                                      0x008e202e
                                                      0x008e202e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1ff8
                                                      0x008e1fcf
                                                      0x008e1fcf
                                                      0x008e1fd4
                                                      0x00000000
                                                      0x008e1fd4
                                                      0x008e1fb4
                                                      0x008e1fb4
                                                      0x008e1fb9
                                                      0x008e1ffa
                                                      0x008e1ffa
                                                      0x008e1ffa
                                                      0x008e1ffd
                                                      0x008e1fff
                                                      0x008e2095
                                                      0x008e2095
                                                      0x00000000
                                                      0x008e2005
                                                      0x008e2006
                                                      0x008e200b
                                                      0x008e200e
                                                      0x008e2010
                                                      0x008e209f
                                                      0x008e209f
                                                      0x008e20a4
                                                      0x008e20a5
                                                      0x008e20a6
                                                      0x008e20a7
                                                      0x008e20a8
                                                      0x008e20a9
                                                      0x008e20aa
                                                      0x008e20ab
                                                      0x008e20ac
                                                      0x008e20ad
                                                      0x008e20ae
                                                      0x008e20af
                                                      0x008e20b0
                                                      0x008e20b5
                                                      0x008e20ba
                                                      0x008e20bb
                                                      0x008e20bc
                                                      0x008e20bd
                                                      0x008e20be
                                                      0x008e20bf
                                                      0x008e20c0
                                                      0x008e20c1
                                                      0x008e20c3
                                                      0x008e20c9
                                                      0x008e20cc
                                                      0x008e20cd
                                                      0x008e20cf
                                                      0x008e20d2
                                                      0x008e20d7
                                                      0x008e20da
                                                      0x008e20df
                                                      0x008e20e2
                                                      0x008e20e3
                                                      0x008e20e5
                                                      0x008e2220
                                                      0x008e2220
                                                      0x00000000
                                                      0x008e20eb
                                                      0x008e20eb
                                                      0x008e20ee
                                                      0x008e20f3
                                                      0x008e20f6
                                                      0x008e20f9
                                                      0x008e20fc
                                                      0x008e20fe
                                                      0x008e2106
                                                      0x008e210a
                                                      0x008e210c
                                                      0x008e2115
                                                      0x008e2117
                                                      0x008e2119
                                                      0x008e2119
                                                      0x008e210e
                                                      0x008e210e
                                                      0x008e210e
                                                      0x008e2100
                                                      0x008e2100
                                                      0x008e2100
                                                      0x008e2128
                                                      0x008e212a
                                                      0x008e2130
                                                      0x008e221b
                                                      0x008e221b
                                                      0x00000000
                                                      0x008e2136
                                                      0x008e2136
                                                      0x008e2138
                                                      0x008e213e
                                                      0x008e2167
                                                      0x008e2169
                                                      0x008e2178
                                                      0x008e2178
                                                      0x008e216b
                                                      0x008e216c
                                                      0x008e2171
                                                      0x008e2174
                                                      0x008e2174
                                                      0x00000000
                                                      0x008e2140
                                                      0x008e2140
                                                      0x008e2140
                                                      0x008e2143
                                                      0x008e2145
                                                      0x00000000
                                                      0x008e214b
                                                      0x008e214c
                                                      0x008e2151
                                                      0x008e2154
                                                      0x008e2156
                                                      0x008e2225
                                                      0x008e2225
                                                      0x008e222a
                                                      0x008e222b
                                                      0x008e222c
                                                      0x008e222d
                                                      0x008e222e
                                                      0x008e222f
                                                      0x008e2230
                                                      0x008e2233
                                                      0x008e2236
                                                      0x008e2239
                                                      0x008e223a
                                                      0x008e223c
                                                      0x008e2241
                                                      0x008e2244
                                                      0x008e2245
                                                      0x008e224a
                                                      0x008e224d
                                                      0x008e224f
                                                      0x008e23a3
                                                      0x008e23a3
                                                      0x00000000
                                                      0x008e2255
                                                      0x008e2255
                                                      0x008e2258
                                                      0x008e225d
                                                      0x008e2260
                                                      0x008e2263
                                                      0x008e2266
                                                      0x008e2268
                                                      0x008e2270
                                                      0x008e2274
                                                      0x008e2276
                                                      0x008e227f
                                                      0x008e2281
                                                      0x008e2283
                                                      0x008e2278
                                                      0x008e2278
                                                      0x008e2278
                                                      0x008e226a
                                                      0x008e226a
                                                      0x008e226a
                                                      0x008e2292
                                                      0x008e2294
                                                      0x008e229a
                                                      0x008e239e
                                                      0x008e239e
                                                      0x00000000
                                                      0x008e22a0
                                                      0x008e22a0
                                                      0x008e22a2
                                                      0x008e22a8
                                                      0x008e22d1
                                                      0x008e22d3
                                                      0x008e22e2
                                                      0x008e22e2
                                                      0x008e22d5
                                                      0x008e22d6
                                                      0x008e22db
                                                      0x008e22de
                                                      0x008e22de
                                                      0x00000000
                                                      0x008e22aa
                                                      0x008e22aa
                                                      0x008e22aa
                                                      0x008e22ad
                                                      0x008e22af
                                                      0x00000000
                                                      0x008e22b5
                                                      0x008e22b6
                                                      0x008e22bb
                                                      0x008e22be
                                                      0x008e22c0
                                                      0x008e23a8
                                                      0x008e23a8
                                                      0x008e23ad
                                                      0x008e23ae
                                                      0x008e23b4
                                                      0x008e23b4
                                                      0x008e23b4
                                                      0x008e23b8
                                                      0x008e23bf
                                                      0x008e23c5
                                                      0x008e22c6
                                                      0x008e22c6
                                                      0x008e22c9
                                                      0x008e22cc
                                                      0x008e22e4
                                                      0x008e22e7
                                                      0x008e22ed
                                                      0x008e22f0
                                                      0x008e22f3
                                                      0x008e22f9
                                                      0x008e22fc
                                                      0x008e22fd
                                                      0x008e2303
                                                      0x008e2307
                                                      0x008e230d
                                                      0x008e2310
                                                      0x008e2371
                                                      0x008e2372
                                                      0x008e2373
                                                      0x008e2381
                                                      0x008e238c
                                                      0x008e238e
                                                      0x008e2394
                                                      0x008e239b
                                                      0x008e2312
                                                      0x008e2312
                                                      0x008e2314
                                                      0x008e2315
                                                      0x008e2316
                                                      0x008e2326
                                                      0x008e2333
                                                      0x008e2339
                                                      0x008e2340
                                                      0x008e2346
                                                      0x008e235a
                                                      0x008e235a
                                                      0x008e235c
                                                      0x008e2364
                                                      0x008e236e
                                                      0x008e2348
                                                      0x008e2348
                                                      0x008e234b
                                                      0x008e2350
                                                      0x008e2353
                                                      0x008e2356
                                                      0x00000000
                                                      0x008e2358
                                                      0x008e2358
                                                      0x00000000
                                                      0x008e2358
                                                      0x008e2356
                                                      0x008e2346
                                                      0x008e2310
                                                      0x008e22c0
                                                      0x008e22af
                                                      0x008e22a8
                                                      0x008e229a
                                                      0x008e215c
                                                      0x008e215c
                                                      0x008e215f
                                                      0x008e2162
                                                      0x008e217a
                                                      0x008e217d
                                                      0x008e2183
                                                      0x008e2185
                                                      0x008e2188
                                                      0x008e218f
                                                      0x008e2190
                                                      0x008e2196
                                                      0x008e219d
                                                      0x008e21a0
                                                      0x008e21a1
                                                      0x008e21fc
                                                      0x008e2206
                                                      0x008e220e
                                                      0x008e2218
                                                      0x008e21a3
                                                      0x008e21a3
                                                      0x008e21a5
                                                      0x008e21b9
                                                      0x008e21c1
                                                      0x008e21c4
                                                      0x008e21cb
                                                      0x008e21d1
                                                      0x008e21e5
                                                      0x008e21e5
                                                      0x008e21e7
                                                      0x008e21ef
                                                      0x008e21f9
                                                      0x008e21d3
                                                      0x008e21d3
                                                      0x008e21d6
                                                      0x008e21d9
                                                      0x008e21de
                                                      0x008e21e1
                                                      0x00000000
                                                      0x008e21e3
                                                      0x008e21e3
                                                      0x00000000
                                                      0x008e21e3
                                                      0x008e21e1
                                                      0x008e21d1
                                                      0x008e21a1
                                                      0x008e2156
                                                      0x008e2145
                                                      0x008e213e
                                                      0x008e2130
                                                      0x008e2016
                                                      0x008e2016
                                                      0x008e2019
                                                      0x008e201c
                                                      0x008e2034
                                                      0x008e2034
                                                      0x008e2037
                                                      0x008e203a
                                                      0x008e203d
                                                      0x008e2045
                                                      0x008e204c
                                                      0x008e204f
                                                      0x008e2053
                                                      0x008e2056
                                                      0x008e2059
                                                      0x008e2088
                                                      0x008e2088
                                                      0x008e2092
                                                      0x008e205b
                                                      0x008e205b
                                                      0x008e2062
                                                      0x008e2064
                                                      0x008e206a
                                                      0x008e207e
                                                      0x008e207e
                                                      0x008e2080
                                                      0x00000000
                                                      0x008e206c
                                                      0x008e206c
                                                      0x008e206f
                                                      0x008e2077
                                                      0x008e207a
                                                      0x00000000
                                                      0x008e207c
                                                      0x008e207c
                                                      0x00000000
                                                      0x008e207c
                                                      0x008e207a
                                                      0x008e206a
                                                      0x008e2059
                                                      0x008e2010
                                                      0x008e1fff
                                                      0x008e1fb2
                                                      0x008e1f71
                                                      0x008e1f71
                                                      0x008e1f73
                                                      0x008e1f76
                                                      0x008e1f78
                                                      0x008e1f78
                                                      0x008e1f7a
                                                      0x008e1f7d
                                                      0x008e1f83
                                                      0x008e1f8b
                                                      0x008e1f8d
                                                      0x008e1f99
                                                      0x008e1f99
                                                      0x008e1f1c
                                                      0x008e1f1c
                                                      0x00000000
                                                      0x008e1f1c
                                                      0x008e1f1a
                                                      0x008e1f0a
                                                      0x008e1eb9
                                                      0x008e1eb9
                                                      0x00000000
                                                      0x008e1eb9
                                                      0x008e1eb7
                                                      0x008e1ea7
                                                      0x008e1c24
                                                      0x008e1c25
                                                      0x008e1c2a
                                                      0x008e1c2d
                                                      0x008e1c2f
                                                      0x008e1e7f
                                                      0x008e1e7f
                                                      0x00000000
                                                      0x008e1c35
                                                      0x008e1c35
                                                      0x008e1c38
                                                      0x008e1c3b
                                                      0x008e1c53
                                                      0x008e1c56
                                                      0x008e1c59
                                                      0x008e1c5b
                                                      0x008e1c5e
                                                      0x008e1c61
                                                      0x008e1c67
                                                      0x008e1c6e
                                                      0x008e1c75
                                                      0x008e1c78
                                                      0x008e1c7b
                                                      0x00000000
                                                      0x008e1c7b
                                                      0x008e1c2f
                                                      0x008e1c1e
                                                      0x008e1c17
                                                      0x008e1c08
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e13cb
                                                      0x008e13bb
                                                      0x008e11f7
                                                      0x008e121d
                                                      0x008e1225
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1225
                                                      0x008e11f5

                                                      APIs
                                                      • std::_Xinvalid_argument.LIBCPMT ref: 008E1155
                                                        • Part of subcall function 008E247D: std::invalid_argument::invalid_argument.LIBCONCRT ref: 008E2489
                                                      • CreateMutexW.KERNELBASE(00000000,00000000,// {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}), ref: 008E11BD
                                                      • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,?), ref: 008E11D8
                                                      • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,?), ref: 008E11F1
                                                      • RegQueryValueExW.KERNELBASE(?,Release,00000000,?,?,000000FF), ref: 008E121D
                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,000000FF,?,73AFF5D0), ref: 008E1283
                                                      • CreateProcessW.KERNELBASE(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?,0000000F,00000000,?,0000000F,00000000,00000000), ref: 008E17DF
                                                      • WaitForSingleObject.KERNEL32(?,000000FF), ref: 008E17EE
                                                      • CloseHandle.KERNEL32(?), ref: 008E1801
                                                      • CloseHandle.KERNEL32(?), ref: 008E180A
                                                      • GetLastError.KERNEL32 ref: 008E18B3
                                                      • StrCmpIW.SHLWAPI(?), ref: 008E1918
                                                      • StrCmpIW.SHLWAPI(?), ref: 008E19A0
                                                      • StrCmpIW.SHLWAPI(?), ref: 008E1A08
                                                      • StrCmpIW.SHLWAPI(?), ref: 008E1A90
                                                      • MessageBoxW.USER32(00000000,00000000,?,00000031), ref: 008E1AB3
                                                      • ShellExecuteW.SHELL32(-00000001,open,https://go.microsoft.com/fwlink/?linkid=2134832,-00000001,-00000001,00000001), ref: 008E1ACD
                                                      • GetUserPreferredUILanguages.KERNEL32(00000008,00000000,00000000,00000000,008F3A58,00000000,112D3EBC,00000000,73BCF560), ref: 008E1BCC
                                                      • GetUserPreferredUILanguages.KERNEL32(00000008,00000000,00000000,00000000), ref: 008E1C8D
                                                      • Concurrency::cancel_current_task.LIBCPMT ref: 008E1E89
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: CloseCreateHandleLanguagesOpenPreferredUser$Concurrency::cancel_current_taskErrorExecuteFileLastMessageModuleMutexNameObjectProcessQueryShellSingleValueWaitXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                      • String ID: // {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}$BWInstaller.exe$D$Release$SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full$StartupInstaller.exe - This installer could not be started.$This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wal$en-us$https://go.microsoft.com/fwlink/?linkid=2134832$open$string too long$L%u
                                                      • API String ID: 86293303-4183155622
                                                      • Opcode ID: 9d599034d8c3586ada1d7f1b2a82c648d4734418d42371269f132dfe8d1820fe
                                                      • Instruction ID: fc28157b42faffc64e153ec62a09187046204e10fc9e8ed2e84746e856825225
                                                      • Opcode Fuzzy Hash: 9d599034d8c3586ada1d7f1b2a82c648d4734418d42371269f132dfe8d1820fe
                                                      • Instruction Fuzzy Hash: E5820631A043848BDB24DF69CC89BAEB7E5FF8A304F104A2DF549D7291E774A944CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 72%
                                                      			E008E1160(void* __ebx, void* __edi, void* __esi) {
				intOrPtr _v0;
				signed int _v8;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				int** _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				char _v80;
				signed int _v84;
				intOrPtr _v88;
				short* _v92;
				signed int _v96;
				signed int _v100;
				char _v268;
				short _v796;
				short _v800;
				short _v802;
				short _v804;
				short _v806;
				short _v808;
				intOrPtr _v836;
				char _v844;
				char _v864;
				char _v1076;
				struct _STARTUPINFOW _v1208;
				char _v1212;
				WCHAR* _v1220;
				WCHAR* _v1224;
				signed int _v1228;
				void* _v1240;
				signed int _v1248;
				signed int _v1276;
				int* _v1280;
				signed int _v1288;
				int* _v1292;
				short _v1296;
				struct _PROCESS_INFORMATION _v1312;
				void _v1324;
				signed int _v1328;
				int* _v1332;
				signed int _v1336;
				int* _v1340;
				intOrPtr _v1344;
				WCHAR* _v1348;
				short* _v1352;
				short* _v1356;
				signed int _v1360;
				signed int _v1364;
				signed int _v1372;
				int* _v1376;
				char _v1380;
				intOrPtr _v1384;
				int* _v1388;
				short _v1392;
				signed int _v1396;
				signed int _v1404;
				int* _v1408;
				signed int _v1412;
				int* _v1416;
				char _v1432;
				int* _v1436;
				intOrPtr _v1440;
				intOrPtr _v1444;
				signed int _v1448;
				intOrPtr _v1452;
				signed int _v1456;
				signed int _v1460;
				intOrPtr _v1464;
				intOrPtr _v1468;
				signed int _v1528;
				unsigned int _v1532;
				intOrPtr _v1536;
				signed int _v1544;
				unsigned int _v1548;
				unsigned int _v1552;
				signed int _v1564;
				intOrPtr _v1572;
				unsigned int _v1576;
				signed int _t417;
				long _t423;
				long _t424;
				WCHAR* _t427;
				signed int _t428;
				WCHAR* _t430;
				signed int _t431;
				WCHAR* _t432;
				void* _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t444;
				signed int _t449;
				signed int _t451;
				short* _t452;
				int** _t455;
				signed int _t461;
				intOrPtr _t466;
				signed int _t471;
				signed int _t485;
				unsigned int _t487;
				void* _t488;
				signed int _t494;
				signed int _t508;
				signed int _t510;
				signed int _t511;
				unsigned int _t513;
				void* _t514;
				void* _t520;
				signed int _t531;
				signed int _t533;
				void* _t536;
				void* _t537;
				signed int _t539;
				signed int _t540;
				signed int _t543;
				unsigned int _t545;
				signed int _t549;
				signed int _t550;
				signed int _t554;
				signed int _t559;
				signed int _t562;
				signed short* _t569;
				intOrPtr _t570;
				signed int _t571;
				int** _t573;
				signed int _t580;
				signed int _t584;
				signed int _t586;
				signed int _t589;
				signed int _t596;
				signed short* _t598;
				signed int _t606;
				long _t608;
				intOrPtr _t615;
				signed int _t617;
				signed int _t619;
				short* _t626;
				short* _t628;
				signed int _t637;
				intOrPtr _t641;
				int* _t645;
				intOrPtr _t650;
				intOrPtr _t658;
				signed int _t675;
				intOrPtr _t679;
				WCHAR* _t683;
				signed char _t690;
				void* _t691;
				intOrPtr* _t692;
				signed int _t695;
				long _t699;
				void* _t700;
				signed int _t701;
				unsigned int _t703;
				signed int _t704;
				signed int _t711;
				signed int _t716;
				int** _t724;
				signed int _t727;
				signed int _t728;
				signed int _t729;
				unsigned int _t730;
				void* _t737;
				void* _t740;
				void* _t747;
				void* _t748;
				intOrPtr* _t749;
				int** _t753;
				signed short* _t755;
				signed int _t759;
				intOrPtr* _t764;
				intOrPtr* _t768;
				intOrPtr _t775;
				signed int _t778;
				intOrPtr _t783;
				int* _t784;
				intOrPtr _t785;
				signed int _t788;
				intOrPtr _t789;
				void* _t790;
				signed int _t791;
				signed int _t792;
				signed int _t794;
				signed int _t797;
				signed int _t799;
				intOrPtr* _t800;
				signed int _t801;
				intOrPtr _t802;
				unsigned int _t804;
				signed int _t805;
				signed int _t808;
				signed short* _t809;
				signed short* _t810;
				void* _t811;
				void* _t812;
				signed int _t813;
				signed int _t814;
				short* _t815;
				signed int _t816;
				signed int _t817;
				signed int _t818;
				signed int _t819;
				void* _t820;
				void* _t821;
				void* _t822;
				int* _t824;
				void* _t825;
				void* _t826;
				WCHAR* _t827;
				signed int _t829;
				signed int _t832;
				signed int _t833;
				signed int _t837;
				signed int _t840;
				signed short* _t850;
				void* _t852;
				intOrPtr _t853;
				signed int _t859;
				int** _t862;
				signed int _t864;
				signed int _t866;
				unsigned int _t867;
				signed int _t868;
				signed int _t873;
				void* _t875;
				unsigned int _t877;
				signed int _t880;
				void* _t882;
				signed int _t884;
				signed int _t886;
				signed int _t890;
				signed int _t893;
				void* _t895;
				void* _t896;
				signed int _t904;
				signed int _t906;
				signed int _t907;
				signed int _t911;
				void* _t912;
				void* _t918;
				void* _t919;
				void* _t920;

				_t830 = __edi;
				_t700 = __ebx;
				_t890 = _t904;
				_t906 = (_t904 & 0xfffffff0) - 0x548;
				_t417 =  *0x901004; // 0x112d3ebc
				_v8 = _t417 ^ _t906;
				_push(__esi);
				_push(__edi);
				_v1240 = 0;
				_v1208.dwXCountChars = 4;
				E008E3900(__edi,  &_v268, 0, 0xff);
				_t907 = _t906 + 0xc;
				_v1208.dwYSize = 0xff;
				CreateMutexW(0, 0, L"// {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}"); // executed
				_t423 = RegOpenKeyW(0x80000002, L"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",  &_v1240); // executed
				if(_t423 != 0) {
					L64:
					_t424 = GetLastError();
					__eflags = _t424 - 0xb7;
					if(_t424 == 0xb7) {
						goto L104;
					} else {
						L109();
						__eflags = _v1208.lpDesktop - 8;
						_t427 =  &_v1220;
						_t832 = StrCmpIW;
						_v1348 = _t427;
						if(_v1208.lpDesktop < 8) {
							L68:
							_t859 = 0;
							__eflags = 0;
							while(1) {
								_t428 = StrCmpIW(_t427,  *(0x8ff760 + _t859 * 8));
								__eflags = _t428;
								if(_t428 == 0) {
									break;
								}
								_t427 = _v1352;
								_t859 = _t859 + 1;
								__eflags = _t859 - 0x5f;
								if(_t859 < 0x5f) {
									continue;
								} else {
									_t810 = _v1352;
									__eflags = 0;
									_v808 = 0;
									_t759 = 0x3fffffff;
									_v804 = 0;
									_t598 = _t810;
									while(1) {
										__eflags =  *_t598;
										if( *_t598 == 0) {
											break;
										}
										_t598 =  &(_t598[1]);
										_t759 = _t759 - 1;
										__eflags = _t759;
										if(_t759 != 0) {
											continue;
										}
										break;
									}
									__eflags = _t759;
									if(_t759 == 0) {
										goto L67;
									} else {
										_t600 = 0x3fffffff - _t759;
										asm("sbb ecx, ecx");
										__eflags = ( ~_t759 & 0x3fffffff - _t759 + _t600) - 2;
										if(( ~_t759 & 0x3fffffff - _t759 + _t600) <= 2) {
											goto L67;
										} else {
											_v808 =  *_t810 & 0x0000ffff;
											_v806 = _t810[1] & 0x0000ffff;
											_v804 = 0;
											_t859 = 0;
											__eflags = 0;
											while(1) {
												_t606 = StrCmpIW( &_v808,  *(0x8ff760 + _t859 * 8));
												__eflags = _t606;
												if(_t606 == 0) {
													break;
												}
												_t859 = _t859 + 1;
												__eflags = _t859 - 0x5f;
												if(_t859 < 0x5f) {
													continue;
												} else {
													_v1356 = L"StartupInstaller.exe - This installer could not be started.";
												}
												goto L82;
											}
											_v1356 =  *((intOrPtr*)(0x8ff764 + _t859 * 8));
										}
									}
								}
								goto L82;
							}
							_v1352 =  *((intOrPtr*)(0x8ff764 + _t859 * 8));
						} else {
							_t427 = _v1220;
							_v1348 = _t427;
							__eflags = _t427;
							if(_t427 != 0) {
								goto L68;
							} else {
								L67:
								_v1352 = L"StartupInstaller.exe - This installer could not be started.";
							}
						}
						L82:
						__eflags = _v1208.lpReserved - 8;
						_t430 =  &_v1224;
						_v1348 = _t430;
						if(_v1208.lpReserved < 8) {
							L85:
							_t859 = 0;
							__eflags = 0;
							while(1) {
								_t431 = StrCmpIW(_t430,  *(0x8ff468 + _t859 * 8));
								__eflags = _t431;
								if(_t431 == 0) {
									break;
								}
								_t430 = _v1352;
								_t859 = _t859 + 1;
								__eflags = _t859 - 0x5f;
								if(_t859 < 0x5f) {
									continue;
								} else {
									_t809 = _v1352;
									__eflags = 0;
									_v804 = 0;
									_t755 = _t809;
									_v800 = 0;
									_t589 = 0x3fffffff;
									while(1) {
										__eflags =  *_t755;
										if( *_t755 == 0) {
											break;
										}
										_t755 =  &(_t755[1]);
										_t589 = _t589 - 1;
										__eflags = _t589;
										if(_t589 != 0) {
											continue;
										}
										break;
									}
									__eflags = _t589;
									if(_t589 == 0) {
										L96:
										_t432 = L"This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wallpaper.\n\nDo you want to install this .Net Framework version now?";
									} else {
										_t757 = 0x3fffffff - _t589;
										asm("sbb eax, eax");
										__eflags = ( ~_t589 & 0x3fffffff - _t589 + _t757) - 2;
										if(( ~_t589 & 0x3fffffff - _t589 + _t757) <= 2) {
											goto L96;
										} else {
											_v804 =  *_t809 & 0x0000ffff;
											_v802 = _t809[1] & 0x0000ffff;
											_v800 = 0;
											_t859 = 0;
											__eflags = 0;
											while(1) {
												_t596 = StrCmpIW( &_v804,  *(0x8ff468 + _t859 * 8));
												__eflags = _t596;
												if(_t596 == 0) {
													goto L97;
												}
												_t859 = _t859 + 1;
												__eflags = _t859 - 0x5f;
												if(_t859 < 0x5f) {
													continue;
												} else {
													goto L96;
												}
												goto L98;
											}
											break;
										}
									}
								}
								goto L98;
							}
							L97:
							_t432 =  *(0x8ff46c + _t859 * 8);
						} else {
							_t430 = _v1224;
							_v1348 = _t430;
							__eflags = _t430;
							if(_t430 != 0) {
								goto L85;
							} else {
								_t432 = L"This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wallpaper.\n\nDo you want to install this .Net Framework version now?";
							}
						}
						L98:
						_t434 = MessageBoxW(0, _t432, _v1356, 0x31) - 1;
						__eflags = _t434;
						if(_t434 == 0) {
							ShellExecuteW(_t434, L"open", L"https://go.microsoft.com/fwlink/?linkid=2134832", _t434, _t434, 1);
						}
						_t797 = _v1208.cb;
						__eflags = _t797 - 8;
						if(_t797 < 8) {
							goto L104;
						} else {
							_t716 = _v1228;
							_t798 = 2 + _t797 * 2;
							_t435 = _t716;
							__eflags = _t798 - 0x1000;
							if(_t798 < 0x1000) {
								goto L103;
							} else {
								_t716 =  *((intOrPtr*)(_t716 - 4));
								_t798 = _t798 + 0x23;
								__eflags = _t435 - _t716 + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									goto L108;
								} else {
									goto L103;
								}
							}
						}
					}
				} else {
					_t608 = RegOpenKeyW(0x80000002, L"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full",  &_v1240); // executed
					if(_t608 != 0) {
						L3:
						_v1208.lpReserved2 = 0;
						_push(0);
						_push(0x8f3a58);
						_v1208.hStdInput = 7;
						_v1208.dwYCountChars = 0;
						L162();
						E008E3900(_t830,  &_v796, 0, 0x208);
						_t907 = _t907 + 0xc;
						GetModuleFileNameW(0,  &_v796, 0x104);
						_v1332 = 0;
						_t764 =  &_v796;
						_v1328 = 7;
						_v1348 = 0;
						_t811 = _t764 + 2;
						asm("o16 nop [eax+eax]");
						do {
							_t615 =  *_t764;
							_t764 = _t764 + 2;
						} while (_t615 != 0);
						_push(_t764 - _t811 >> 1);
						_push( &_v796);
						L162();
						_t886 = _v1340;
						_t852 =  >=  ? _v1356 :  &_v1356;
						if(_t886 == 0) {
							L21:
							_t859 = _t886 | 0xffffffff;
							__eflags = _t859;
						} else {
							E008E3900(_t852,  &_v1076, 0, 0x100);
							_t907 = _t907 + 0xc;
							_t791 = L"\\/";
							while(1) {
								_t690 =  *_t791 & 0x0000ffff;
								if(_t690 >= 0x100) {
									break;
								}
								_t791 = _t791 + 2;
								 *((char*)(_t907 + (_t690 & 0x000000ff) + 0x130)) = 1;
								if(_t791 != 0x8ff418) {
									continue;
								} else {
									_t32 = _t886 - 1; // -1
									_t796 =  <  ? _t32 : _t791 | 0xffffffff;
									_t886 = _t852 + ( <  ? _t32 : _t791 | 0xffffffff) * 2;
									while(1) {
										_t695 =  *_t886 & 0x0000ffff;
										if(_t695 < 0x100 &&  *((char*)(_t907 + _t695 + 0x130)) != 0) {
											break;
										}
										if(_t886 == _t852) {
											goto L21;
										} else {
											_t886 = _t886 - 2;
											continue;
										}
										goto L22;
									}
									L20:
									_t859 = _t886 - _t852 >> 1;
								}
								goto L22;
							}
							_t37 = _t886 - 1; // -1
							_t691 = _t37;
							_t792 = _t791 | 0xffffffff;
							__eflags = _t691 - _t792;
							_t793 =  <  ? _t691 : _t792;
							_t886 = _t852 + ( <  ? _t691 : _t792) * 2;
							while(1) {
								L15:
								_t829 =  *_t886 & 0x0000ffff;
								_t794 = 2;
								_t692 = L"\\/";
								while(1) {
									__eflags =  *_t692 - _t829;
									if( *_t692 == _t829) {
										goto L20;
									}
									_t692 = _t692 + 2;
									_t794 = _t794 - 1;
									__eflags = _t794;
									if(_t794 != 0) {
										continue;
									} else {
										__eflags = _t886 - _t852;
										if(_t886 == _t852) {
											goto L21;
										} else {
											_t886 = _t886 - 2;
											goto L15;
										}
									}
									goto L22;
								}
								goto L20;
							}
						}
						L22:
						_t617 = _v1336;
						__eflags = _t617 - 8;
						if(_t617 < 8) {
							L26:
							__eflags = 0;
							_v1340 = 0;
							_t768 =  &_v804;
							_v1336 = 7;
							_v1356 = 0;
							_t812 = _t768 + 2;
							do {
								_t619 =  *_t768;
								_t768 = _t768 + 2;
								__eflags = _t619;
							} while (_t619 != 0);
							_push(_t768 - _t812 >> 1);
							_push( &_v804);
							L162();
							_v1292 = 0;
							__eflags = _v1348 - _t859;
							_v1312.hThread = 0;
							_t859 =  <  ? _v1348 : _t859;
							__eflags = _v1344 - 8;
							_push(_t859);
							_t623 =  >=  ? _v1364 :  &_v1364;
							_push( >=  ? _v1364 :  &_v1364);
							_v1288 = 7;
							L162();
							_t813 = _v1208.dwXSize;
							__eflags = _t813 - 8;
							if(_t813 < 8) {
								L32:
								asm("movaps xmm0, [esp+0x50]");
								_t814 = _v1352;
								asm("movaps [esp+0xc0], xmm0");
								asm("movq xmm0, [esp+0x60]");
								asm("movq [esp+0xd0], xmm0");
								__eflags = _t814 - 8;
								if(_t814 < 8) {
									L36:
									_push(1);
									_v1356 = 0;
									_push("\\");
									_v1352 = 7;
									_v1372 = 0;
									L162();
									__eflags = _v1312.dwProcessId - 8;
									_t775 =  >=  ? _v1324 :  &_v1212;
									_t832 = _v1364;
									_t626 = _v1360 - _t832;
									_t859 = _v1312.hThread;
									_v1384 = _t775;
									__eflags = _t859 - _t626;
									if(_t859 > _t626) {
										_push(_t859);
										_push(_t775);
										_push(_t775);
										_v844 = 0;
										_push(_v844);
										_push(_t859);
										L189();
									} else {
										__eflags = _v1360 - 8;
										_v1364 = _t859 + _t832;
										_t824 =  >=  ? _v1380 :  &_v1380;
										_t658 = _t859 + _t859;
										_v844 = _t658;
										_t853 = _t832 + _t832;
										_v1388 = _t824;
										_v836 = _t853;
										__eflags = _t658 + _t775 - _t824;
										if(_t658 + _t775 <= _t824) {
											L42:
											_t832 = _t859;
										} else {
											__eflags = _t775 - _t824 + _t853;
											if(_t775 > _t824 + _t853) {
												goto L42;
											} else {
												__eflags = _t824 - _t775;
												if(_t824 > _t775) {
													_t832 = _t824 - _t775 >> 1;
												} else {
													_t832 = 0;
												}
											}
										}
										E008E4D80(_v844 + _t824, _t824, _v836 + 2);
										_t859 = _t832 + _t832;
										E008E5440(_v1388, _v1384, _t859);
										E008E5440(_v1388 + _t859, _v1384 + (_v1312.hThread + _t832) * 2, _v1312.hThread - _t832 + _v1312.hThread - _t832);
										_t907 = _t907 + 0x24;
										_t626 =  &_v1380;
									}
									asm("movups xmm0, [eax]");
									asm("movups [esp+0x30], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [esp+0x40], xmm0");
									 *(_t626 + 0x10) = 0;
									 *(_t626 + 0x14) = 7;
									 *_t626 = 0;
									_t815 = _v1356;
									_t778 = _v1360;
									_t628 = _t815 - _t778;
									__eflags = _t628 - 0xf;
									if(_t628 < 0xf) {
										_push(0xf);
										_push(_t778);
										_v864 = 0;
										_push(_v864);
										_push(0xf);
										L212();
									} else {
										__eflags = _t815 - 8;
										_t859 =  >=  ? _v1376 :  &_v1376;
										_t832 = _t778 + 0xf;
										_v1360 = _t832;
										E008E4D80(_t859 + _t778 * 2, L"BWInstaller.exe", 0x1e);
										_t907 = _t907 + 0xc;
										 *((short*)(_t859 + _t832 * 2)) = 0;
										_t628 =  &_v1376;
									}
									asm("movups xmm0, [eax]");
									asm("movups [esp+0x90], xmm0");
									asm("movq xmm0, [eax+0x10]");
									asm("movq [esp+0xa0], xmm0");
									 *(_t628 + 0x10) = 0;
									 *(_t628 + 0x14) = 7;
									 *_t628 = 0;
									_t816 = _v1372;
									__eflags = _t816 - 8;
									if(_t816 < 8) {
										L52:
										_t817 = _v1396;
										_v1376 = 0;
										_v1372 = 7;
										_v1392 = 0;
										__eflags = _t817 - 8;
										if(_t817 < 8) {
											L56:
											__eflags = _v1276 - 8;
											_v1208.cb = 0x44;
											asm("xorps xmm0, xmm0");
											_t631 =  >=  ? _v1296 :  &_v1296;
											asm("movlpd [esp+0x114], xmm0");
											asm("movlpd [esp+0x11c], xmm0");
											asm("movlpd [esp+0x124], xmm0");
											asm("movlpd [esp+0x12c], xmm0");
											asm("movlpd [esp+0x134], xmm0");
											asm("movlpd [esp+0x13c], xmm0");
											asm("movlpd [esp+0x144], xmm0");
											asm("movlpd [esp+0x14c], xmm0");
											asm("movaps [esp+0xa8], xmm0"); // executed
											CreateProcessW( >=  ? _v1296 :  &_v1296, 0, 0, 0, 0, 0, 0, 0,  &_v1208,  &_v1312); // executed
											WaitForSingleObject(_v1312.hProcess, 0xffffffff);
											_t859 = CloseHandle;
											CloseHandle(_v1312);
											CloseHandle(_v1312.hThread);
											_t818 = _v1276;
											__eflags = _t818 - 8;
											if(_t818 < 8) {
												L60:
												_t819 = _v1228;
												_v1280 = 0;
												_v1276 = 7;
												_v1296 = 0;
												__eflags = _t819 - 8;
												if(_t819 < 8) {
													L104:
													__eflags = _v8 ^ _t907;
													return E008E249D(_v8 ^ _t907);
												} else {
													_t716 = _v1248;
													_t798 = 2 + _t819 * 2;
													_t637 = _t716;
													__eflags = _t798 - 0x1000;
													if(_t798 < 0x1000) {
														L103:
														_push(_t798);
														E008E25FF(_t716);
														_t907 = _t907 + 8;
														goto L104;
													} else {
														_t716 =  *((intOrPtr*)(_t716 - 4));
														_t798 = _t798 + 0x23;
														__eflags = _t637 - _t716 + 0xfffffffc - 0x1f;
														if(__eflags > 0) {
															goto L107;
														} else {
															goto L103;
														}
													}
												}
											} else {
												_t783 = _v1296;
												_t820 = 2 + _t818 * 2;
												_t641 = _t783;
												__eflags = _t820 - 0x1000;
												if(_t820 < 0x1000) {
													L59:
													_push(_t820);
													E008E25FF(_t783);
													_t907 = _t907 + 8;
													goto L60;
												} else {
													_t716 =  *((intOrPtr*)(_t783 - 4));
													_t798 = _t820 + 0x23;
													__eflags = _t641 - _t716 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L107;
													} else {
														goto L59;
													}
												}
											}
										} else {
											_t784 = _v1416;
											_t821 = 2 + _t817 * 2;
											_t645 = _t784;
											__eflags = _t821 - 0x1000;
											if(_t821 < 0x1000) {
												L55:
												_push(_t821);
												E008E25FF(_t784);
												_t907 = _t907 + 8;
												goto L56;
											} else {
												_t716 =  *((intOrPtr*)(_t784 - 4));
												_t798 = _t821 + 0x23;
												__eflags = _t645 - _t716 + 0xfffffffc - 0x1f;
												if(__eflags > 0) {
													goto L106;
												} else {
													goto L55;
												}
											}
										}
									} else {
										_t785 = _v1392;
										_t822 = 2 + _t816 * 2;
										_t650 = _t785;
										__eflags = _t822 - 0x1000;
										if(_t822 < 0x1000) {
											L51:
											_push(_t822);
											E008E25FF(_t785);
											_t907 = _t907 + 8;
											goto L52;
										} else {
											_t716 =  *((intOrPtr*)(_t785 - 4));
											_t798 = _t822 + 0x23;
											__eflags = _t650 - _t716 + 0xfffffffc - 0x1f;
											if(__eflags > 0) {
												goto L106;
											} else {
												goto L51;
											}
										}
									}
								} else {
									_t788 = _v1372;
									_t825 = 2 + _t814 * 2;
									_t675 = _t788;
									__eflags = _t825 - 0x1000;
									if(_t825 < 0x1000) {
										L35:
										_push(_t825);
										E008E25FF(_t788);
										_t907 = _t907 + 8;
										goto L36;
									} else {
										_t716 =  *((intOrPtr*)(_t788 - 4));
										_t798 = _t825 + 0x23;
										__eflags = _t675 - _t716 + 0xfffffffc - 0x1f;
										if(__eflags > 0) {
											goto L107;
										} else {
											goto L35;
										}
									}
								}
							} else {
								_t789 = _v1208.lpReserved;
								_t826 = 2 + _t813 * 2;
								_t679 = _t789;
								__eflags = _t826 - 0x1000;
								if(_t826 < 0x1000) {
									L31:
									_push(_t826);
									E008E25FF(_t789);
									_t907 = _t907 + 8;
									goto L32;
								} else {
									_t716 =  *((intOrPtr*)(_t789 - 4));
									_t798 = _t826 + 0x23;
									__eflags = _t679 - _t716 + 0xfffffffc - 0x1f;
									if(__eflags > 0) {
										goto L107;
									} else {
										goto L31;
									}
								}
							}
						} else {
							_t827 = _v1356;
							_t790 = 2 + _t617 * 2;
							_t683 = _t827;
							__eflags = _t790 - 0x1000;
							if(_t790 < 0x1000) {
								L25:
								_push(_t790);
								E008E25FF(_t827);
								_t907 = _t907 + 8;
								goto L26;
							} else {
								_t798 =  *((intOrPtr*)(_t827 - 4));
								_t716 = _t790 + 0x23;
								__eflags = _t683 -  *((intOrPtr*)(_t827 - 4)) + 0xfffffffc - 0x1f;
								if(__eflags > 0) {
									E008E5D27(_t700, _t716, _t798, _t852, __eflags);
									L106:
									E008E5D27(_t700, _t716, _t798, _t832, __eflags);
									L107:
									E008E5D27(_t700, _t716, _t798, _t832, __eflags);
									L108:
									E008E5D27(_t700, _t716, _t798, _t832, __eflags);
									asm("int3");
									asm("int3");
									asm("int3");
									_t701 = _t907;
									_t911 = (_t907 - 0x00000008 & 0xfffffff8) + 4;
									_v1380 =  *((intOrPtr*)(_t701 + 4));
									_t893 = _t911;
									_t912 = _t911 - 0x48;
									_t441 =  *0x901004; // 0x112d3ebc
									_t442 = _t441 ^ _t893;
									_v1404 = _t442;
									 *[fs:0x0] =  &_v1396;
									_t444 = _t716;
									_v1460 = _t444;
									_v1456 = _t444;
									_v1456 = _t444;
									_v1408 = 0;
									_v1448 = 0;
									_v1416 = 0;
									_v1412 = 7;
									_v1432 = 0;
									L162();
									_v1388 = 0;
									__imp__GetUserPreferredUILanguages(8,  &_v1408, 0,  &_v1448, 0x8f3a58, 0, _t442, _t832, _t859, _t701,  *[fs:0x0], 0x8eede5, 0xffffffff, _t890, _t700);
									_v1436 = 0;
									asm("xorps xmm0, xmm0");
									_v1452 = 0;
									asm("movq [ebp-0x3c], xmm0");
									_t860 = 0;
									_v1440 = 0;
									_t833 = 0;
									_v1464 = 0;
									_t449 = _v1448;
									_v1468 = 0;
									_v1444 = 0;
									_v1436 = 0;
									_v1456 = _t449;
									__eflags = _t449;
									if(_t449 == 0) {
										L119:
										_v20 = 1;
										_t451 =  &_v40;
										__imp__GetUserPreferredUILanguages(8, _t451, _t860,  &_v80);
										__eflags = _t451;
										if(_t451 == 0) {
											L138:
											_t452 = _v92;
											_push(5);
											_push(L"en-us");
											 *(_t452 + 0x10) = 0;
											 *(_t452 + 0x14) = 7;
											 *_t452 = 0;
											L162();
											__eflags = _t860;
											if(_t860 == 0) {
												L142:
												_t799 = _v44;
												__eflags = _t799 - 8;
												if(_t799 < 8) {
													goto L136;
												} else {
													_t724 = _v64;
													_t800 = 2 + _t799 * 2;
													_t455 = _t724;
													__eflags = _t800 - 0x1000;
													if(_t800 < 0x1000) {
														goto L135;
													} else {
														_t724 =  *(_t724 - 4);
														_t800 = _t800 + 0x23;
														__eflags = _t455 - _t724 + 0xfffffffc - 0x1f;
														if(__eflags <= 0) {
															goto L135;
														} else {
															goto L145;
														}
													}
												}
											} else {
												_t554 = _t860;
												_t833 = _t833 - _t860 & 0xfffffffe;
												__eflags = _t833 - 0x1000;
												if(_t833 < 0x1000) {
													L141:
													_push(_t833);
													E008E25FF(_t860);
													_t912 = _t912 + 8;
													goto L142;
												} else {
													_t860 =  *(_t860 - 4);
													_t833 = _t833 + 0x23;
													__eflags = _t554 - _t860 + 0xfffffffc - 0x1f;
													if(__eflags > 0) {
														goto L145;
													} else {
														goto L141;
													}
												}
											}
										} else {
											_t800 = _v96;
											_t559 = _v84 - _t800;
											__eflags = _t559;
											if(_t559 == 0) {
												goto L138;
											} else {
												__eflags = _v40;
												if(_v40 <= 0) {
													goto L138;
												} else {
													_t749 = _t800;
													_v88 = _t749 + 2;
													do {
														_t562 =  *_t749;
														_t749 = _t749 + 2;
														__eflags = _t562;
													} while (_t562 != 0);
													_push(_t749 - _v88 >> 1);
													_push(_t800);
													L162();
													__eflags = _v44 - 8;
													_t753 = _v64;
													_t564 =  >=  ? _t753 :  &_v64;
													_v84 =  >=  ? _t753 :  &_v64;
													_t566 =  >=  ? _t753 :  &_v64;
													_t833 = _v68;
													_v96 =  &(( >=  ? _t753 :  &_v64)[_v48]);
													_t569 =  >=  ? _t753 :  &_v64;
													__eflags = _t569 - _v96;
													if(_t569 != _v96) {
														_t850 = _t569;
														_t274 =  &_v84;
														 *_t274 = _v84 - _t850;
														__eflags =  *_t274;
														_t884 = _v84;
														do {
															 *((short*)(_t884 + _t850)) = E008E5B3B( *_t850 & 0x0000ffff);
															_t912 = _t912 + 4;
															_t850 =  &(_t850[1]);
															__eflags = _t850 - _v96;
														} while (_t850 != _v96);
														_t860 = _v100;
														_t833 = _v68;
													}
													__eflags = _v48;
													if(_v48 == 0) {
														goto L138;
													} else {
														_t570 = _v92;
														_t724 = 0;
														asm("movups xmm0, [ebp-0x30]");
														_v64 = 0;
														 *(_t570 + 0x10) = 0;
														 *(_t570 + 0x14) = 0;
														asm("movups [eax], xmm0");
														asm("movq xmm0, [ebp-0x20]");
														asm("movq [eax+0x10], xmm0");
														_v48 = 0;
														_v44 = 7;
														__eflags = _t860;
														if(_t860 == 0) {
															L137:
															 *[fs:0x0] = _v28;
															__eflags = _v36 ^ _t893;
															return E008E249D(_v36 ^ _t893);
														} else {
															_t571 = _t860;
															_t833 = _t833 - _t860 & 0xfffffffe;
															__eflags = _t833 - 0x1000;
															if(_t833 < 0x1000) {
																L132:
																_push(_t833);
																E008E25FF(_t860);
																_t808 = _v44;
																_t912 = _t912 + 8;
																__eflags = _t808 - 8;
																if(_t808 < 8) {
																	L136:
																	goto L137;
																} else {
																	_t724 = _v64;
																	_t800 = 2 + _t808 * 2;
																	_t573 = _t724;
																	__eflags = _t800 - 0x1000;
																	if(_t800 < 0x1000) {
																		L135:
																		_push(_t800);
																		E008E25FF(_t724);
																		goto L136;
																	} else {
																		_t724 =  *(_t724 - 4);
																		_t800 = _t800 + 0x23;
																		__eflags = _t573 - _t724 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			goto L145;
																		} else {
																			goto L135;
																		}
																	}
																}
															} else {
																_t860 =  *(_t860 - 4);
																_t833 = _t833 + 0x23;
																__eflags = _t571 - _t860 + 0xfffffffc - 0x1f;
																if(__eflags > 0) {
																	goto L145;
																} else {
																	goto L132;
																}
															}
														}
													}
												}
											}
										}
									} else {
										__eflags = _t449 - 0x7fffffff;
										if(_t449 > 0x7fffffff) {
											L146:
											L188();
											goto L147;
										} else {
											_t833 = _t449 + _t449;
											__eflags = _t833 - 0x1000;
											if(_t833 < 0x1000) {
												__eflags = _t833;
												if(__eflags == 0) {
													_t860 = 0;
													__eflags = 0;
												} else {
													_t584 = E008E25CF( &_v1432, 0, __eflags, _t833);
													_t912 = _t912 + 4;
													_t860 = _t584;
												}
												goto L118;
											} else {
												_t240 = _t833 + 0x23; // 0x23
												_t585 = _t240;
												__eflags = _t240 - _t833;
												if(__eflags <= 0) {
													L147:
													E008E10B0();
													asm("int3");
													asm("int3");
													_push(_t860);
													_t862 = _t724;
													_t461 =  *_t862;
													__eflags = _t461;
													if(_t461 == 0) {
														L153:
														return _t461;
													} else {
														_t727 = _t862[2] - _t461 & 0xfffffffe;
														__eflags = _t727 - 0x1000;
														if(_t727 < 0x1000) {
															L152:
															_push(_t727);
															_t461 = E008E25FF(_t461);
															 *_t862 = 0;
															_t862[1] = 0;
															_t862[2] = 0;
															goto L153;
														} else {
															_t801 =  *(_t461 - 4);
															_t727 = _t727 + 0x23;
															__eflags = _t461 - _t801 + 0xfffffffc - 0x1f;
															if(__eflags > 0) {
																E008E5D27(_t701, _t727, _t801, _t833, __eflags);
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																asm("int3");
																_push(_t862);
																_t864 = _t727;
																_t728 =  *(_t864 + 0x14);
																__eflags = _t728 - 8;
																if(_t728 < 8) {
																	L160:
																	__eflags = 0;
																	 *(_t864 + 0x10) = 0;
																	 *(_t864 + 0x14) = 7;
																	 *_t864 = 0;
																	return 0;
																} else {
																	_t466 =  *_t864;
																	_t729 = 2 + _t728 * 2;
																	__eflags = _t729 - 0x1000;
																	if(_t729 < 0x1000) {
																		L159:
																		_push(_t729);
																		E008E25FF(_t466);
																		goto L160;
																	} else {
																		_t802 =  *((intOrPtr*)(_t466 - 4));
																		_t729 = _t729 + 0x23;
																		__eflags = _t466 - _t802 + 0xfffffffc - 0x1f;
																		if(__eflags > 0) {
																			E008E5D27(_t701, _t729, _t802, _t833, __eflags);
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			asm("int3");
																			_push(_t893);
																			_t895 = _t912;
																			_t918 = _t912 - 0xc;
																			_t471 = _v1528;
																			_t803 = _v1532;
																			_push(_t701);
																			_push(_t864);
																			_push(_t833);
																			_t835 = _t729;
																			_v1548 = _v1532;
																			_v1544 = _t471;
																			_t730 =  *(_t835 + 0x14);
																			_v1552 = _t730;
																			__eflags = _t471 - _t730;
																			if(_t471 > _t730) {
																				__eflags = _t471 - 0x7ffffffe;
																				if(__eflags > 0) {
																					L186:
																					E008E1150(_t701, _t835, _t864, __eflags);
																					goto L187;
																				} else {
																					_t880 = _t471 | 0x00000007;
																					__eflags = _t880 - 0x7ffffffe;
																					if(_t880 <= 0x7ffffffe) {
																						_t803 = _t730 >> 1;
																						__eflags = _t730 - 0x7ffffffe - _t803;
																						if(_t730 <= 0x7ffffffe - _t803) {
																							_t536 = _t803 + _t730;
																							__eflags = _t880 - _t536;
																							_t864 =  <  ? _t536 : _t880;
																							_t326 = _t864 + 1; // 0x112d3ebd
																							_t537 = _t326;
																							__eflags = _t537 - 0x7fffffff;
																							if(_t537 > 0x7fffffff) {
																								goto L185;
																							} else {
																								_t539 = _t537 + _t537;
																								__eflags = _t539 - 0x1000;
																								if(_t539 < 0x1000) {
																									__eflags = _t539;
																									if(__eflags == 0) {
																										_t701 = 0;
																										__eflags = 0;
																									} else {
																										_t549 = E008E25CF(_t730, _t864, __eflags, _t539);
																										_t918 = _t918 + 4;
																										_t701 = _t549;
																									}
																									goto L179;
																								} else {
																									goto L173;
																								}
																							}
																						} else {
																							_t864 = 0x7ffffffe;
																							_t539 = 0xfffffffe;
																							goto L173;
																						}
																					} else {
																						_t864 = 0x7ffffffe;
																						_t539 = 0xfffffffe;
																						L173:
																						_t327 = _t539 + 0x23; // 0x100000021
																						_t730 = _t327;
																						__eflags = _t730 - _t539;
																						if(__eflags <= 0) {
																							L185:
																							E008E10B0();
																							goto L186;
																						} else {
																							_t550 = E008E25CF(_t730, _t864, __eflags, _t730);
																							_t918 = _t918 + 4;
																							__eflags = _t550;
																							if(__eflags == 0) {
																								L187:
																								E008E5D27(_t701, _t730, _t803, _t835, __eflags);
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push("vector too long");
																								E008E247D();
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								asm("int3");
																								_push(_t895);
																								_t896 = _t918;
																								_t919 = _t918 - 0x10;
																								_t804 = _v1548;
																								_push(_t701);
																								_t703 = _t730;
																								_v1572 = _v1536;
																								_t731 = 0x7ffffffe;
																								_push(_t864);
																								_t866 =  *(_t703 + 0x10);
																								_v1564 = _t866;
																								_push(_t835);
																								__eflags = 0x7ffffffe - _t866 - _t804;
																								if(__eflags < 0) {
																									L210:
																									E008E1150(_t703, _t835, _t866, __eflags);
																									goto L211;
																								} else {
																									_t835 =  *(_t703 + 0x14);
																									_t511 = _t866 + _t804;
																									_v28 = _t511;
																									_t873 = _t511 | 0x00000007;
																									_v36 = _t835;
																									__eflags = _t873 - 0x7ffffffe;
																									if(__eflags <= 0) {
																										_t513 = _t835 >> 1;
																										__eflags = _t835 - 0x7ffffffe - _t513;
																										if(__eflags <= 0) {
																											_t514 = _t513 + _t835;
																											__eflags = _t873 - _t514;
																											_t866 =  <  ? _t514 : _t873;
																											__eflags = _t866;
																										} else {
																											_t866 = 0x7ffffffe;
																										}
																									} else {
																										_t866 = 0x7ffffffe;
																									}
																									_t731 =  ~(0 | __eflags > 0x00000000) | _t866 + 0x00000001;
																									__eflags = _t731 - 0x7fffffff;
																									if(_t731 > 0x7fffffff) {
																										L209:
																										E008E10B0();
																										goto L210;
																									} else {
																										_t731 = _t731 + _t731;
																										__eflags = _t731 - 0x1000;
																										if(_t731 < 0x1000) {
																											__eflags = _t731;
																											if(__eflags == 0) {
																												_t835 = 0;
																												__eflags = 0;
																											} else {
																												_t531 = E008E25CF(_t731, _t866, __eflags, _t731);
																												_t919 = _t919 + 4;
																												_t835 = _t531;
																											}
																											goto L203;
																										} else {
																											_t351 = _t731 + 0x23; // 0x23
																											_t532 = _t351;
																											__eflags = _t351 - _t731;
																											if(__eflags <= 0) {
																												goto L209;
																											} else {
																												_t533 = E008E25CF(_t731, _t866, __eflags, _t532);
																												_t919 = _t919 + 4;
																												__eflags = _t533;
																												if(__eflags == 0) {
																													L211:
																													E008E5D27(_t703, _t731, _t804, _t835, __eflags);
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													asm("int3");
																													_push(_t896);
																													_t920 = _t919 - 0x10;
																													_t805 = _v1564;
																													_push(_t703);
																													_t704 = _t731;
																													_t732 = 0x7ffffffe;
																													_push(_t866);
																													_push(_t835);
																													_t867 =  *(_t704 + 0x10);
																													_v1576 = _t867;
																													__eflags = 0x7ffffffe - _t867 - _t805;
																													if(__eflags < 0) {
																														L233:
																														E008E1150(_t704, _t835, _t867, __eflags);
																														goto L234;
																													} else {
																														_t485 = _t867 + _t805;
																														_t867 =  *(_t704 + 0x14);
																														_v36 = _t485;
																														_t837 = _t485 | 0x00000007;
																														_v40 = _t867;
																														__eflags = _t837 - 0x7ffffffe;
																														if(__eflags <= 0) {
																															_t487 = _t867 >> 1;
																															__eflags = _t867 - 0x7ffffffe - _t487;
																															if(__eflags <= 0) {
																																_t488 = _t487 + _t867;
																																__eflags = _t837 - _t488;
																																_t835 =  <  ? _t488 : _t837;
																																__eflags = _t835;
																															} else {
																																_t835 = 0x7ffffffe;
																															}
																														} else {
																															_t835 = 0x7ffffffe;
																														}
																														_t732 =  ~(0 | __eflags > 0x00000000) | _t835 + 0x00000001;
																														__eflags = _t732 - 0x7fffffff;
																														if(_t732 > 0x7fffffff) {
																															L232:
																															E008E10B0();
																															goto L233;
																														} else {
																															_t732 = _t732 + _t732;
																															__eflags = _t732 - 0x1000;
																															if(_t732 < 0x1000) {
																																__eflags = _t732;
																																if(__eflags == 0) {
																																	_t868 = 0;
																																	__eflags = 0;
																																} else {
																																	_t508 = E008E25CF(_t732, _t867, __eflags, _t732);
																																	_t920 = _t920 + 4;
																																	_t868 = _t508;
																																}
																																goto L226;
																															} else {
																																_t384 = _t732 + 0x23; // 0x23
																																_t509 = _t384;
																																__eflags = _t384 - _t732;
																																if(__eflags <= 0) {
																																	goto L232;
																																} else {
																																	_t510 = E008E25CF(_t732, _t867, __eflags, _t509);
																																	_t920 = _t920 + 4;
																																	__eflags = _t510;
																																	if(__eflags == 0) {
																																		L234:
																																		E008E5D27(_t704, _t732, _t805, _t835, __eflags);
																																		asm("int3");
																																		 *(_t732 + 4) =  *(_t732 + 4) & 0x00000000;
																																		_t414 = _t732 + 8;
																																		 *_t414 =  *(_t732 + 8) & 0x00000000;
																																		__eflags =  *_t414;
																																		 *(_t732 + 4) = "bad allocation";
																																		 *_t732 = 0x8ef190;
																																		return _t732;
																																	} else {
																																		_t385 = _t510 + 0x23; // 0x23
																																		_t868 = _t385 & 0xffffffe0;
																																		 *(_t868 - 4) = _t510;
																																		L226:
																																		 *(_t704 + 0x10) = _v36;
																																		 *(_t704 + 0x14) = _t835;
																																		_t737 = _v32 + _v32;
																																		_t494 = _v8;
																																		_v36 = _t737 + _t868;
																																		_push(_t737);
																																		_t838 = _t494 + _t494;
																																		__eflags = _v40 - 8;
																																		_v44 = _t494 + _t494;
																																		_v32 = _t868 + (_t494 + _v32) * 2;
																																		if(_v40 < 8) {
																																			_push(_t704);
																																			_push(_t868);
																																			E008E5440();
																																			E008E5440(_v36, L"BWInstaller.exe", _t838);
																																			__eflags = 0;
																																			 *_v32 = 0;
																																			 *_t704 = _t868;
																																			return _t704;
																																		} else {
																																			_t840 =  *_t704;
																																			_push(_t840);
																																			_push(_t868);
																																			E008E5440();
																																			E008E5440(_v36, L"BWInstaller.exe", _v44);
																																			 *_v32 = 0;
																																			_t740 = 2 + _v40 * 2;
																																			__eflags = _t740 - 0x1000;
																																			if(_t740 < 0x1000) {
																																				L230:
																																				_push(_t740);
																																				E008E25FF(_t840);
																																				 *_t704 = _t868;
																																				return _t704;
																																			} else {
																																				_t805 =  *(_t840 - 4);
																																				_t732 = _t740 + 0x23;
																																				_t409 = _t840 - _t805 - 4; // 0x7ffffffa
																																				__eflags = _t409 - 0x1f;
																																				if(__eflags > 0) {
																																					goto L234;
																																				} else {
																																					_t840 = _t805;
																																					goto L230;
																																				}
																																			}
																																		}
																																	}
																																}
																															}
																														}
																													}
																												} else {
																													_t352 = _t533 + 0x23; // 0x23
																													_t835 = _t352 & 0xffffffe0;
																													 *(_t835 - 4) = _t533;
																													L203:
																													 *(_t703 + 0x10) = _v28;
																													_t520 = _v0 + _v0;
																													 *(_t703 + 0x14) = _t866;
																													__eflags = _v36 - 8;
																													_push(_t520);
																													_push(_v40);
																													_t875 = 2 + _v32 * 2;
																													_v28 = _t520 + _t835;
																													_push(_t835);
																													if(_v36 < 8) {
																														E008E5440();
																														E008E5440(_v28, _t703, _t875);
																														 *_t703 = _t835;
																														return _t703;
																													} else {
																														_t877 =  *_t703;
																														E008E5440();
																														E008E5440(_v28, _t877, 2 + _v32 * 2);
																														_t919 = _t919 + 0x18;
																														_t747 = 2 + _v36 * 2;
																														__eflags = _t747 - 0x1000;
																														if(_t747 < 0x1000) {
																															L207:
																															_push(_t747);
																															E008E25FF(_t877);
																															 *_t703 = _t835;
																															return _t703;
																														} else {
																															_t804 =  *(_t877 - 4);
																															_t731 = _t747 + 0x23;
																															_t866 = _t877 - _t804;
																															__eflags = _t866 - 4 - 0x1f;
																															if(__eflags > 0) {
																																goto L211;
																															} else {
																																_t877 = _t804;
																																goto L207;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																							} else {
																								_t328 = _t550 + 0x23; // 0x23
																								_t701 = _t328 & 0xffffffe0;
																								 *(_t701 - 4) = _t550;
																								L179:
																								_t540 = _v24;
																								 *(_t835 + 0x14) = _t864;
																								 *(_t835 + 0x10) = _t540;
																								_t864 = _t540 + _t540;
																								E008E5440(_t701, _v28, _t864);
																								_t918 = _t918 + 0xc;
																								 *((short*)(_t864 + _t701)) = 0;
																								_t543 = _v32;
																								__eflags = _t543 - 8;
																								if(_t543 < 8) {
																									L184:
																									 *_t835 = _t701;
																									return _t835;
																								} else {
																									_t748 = 2 + _t543 * 2;
																									_t545 =  *_t835;
																									__eflags = _t748 - 0x1000;
																									if(_t748 < 0x1000) {
																										L183:
																										_push(_t748);
																										E008E25FF(_t545);
																										goto L184;
																									} else {
																										_t803 =  *(_t545 - 4);
																										_t730 = _t748 + 0x23;
																										__eflags = _t545 - _t803 + 0xfffffffc - 0x1f;
																										if(__eflags > 0) {
																											goto L187;
																										} else {
																											_t545 = _t803;
																											goto L183;
																										}
																									}
																								}
																							}
																						}
																					}
																				}
																			} else {
																				_t711 = _t835;
																				__eflags = _t730 - 8;
																				if(_t730 >= 8) {
																					_t711 =  *_t835;
																				}
																				_t882 = _t471 + _t471;
																				 *(_t835 + 0x10) = _t471;
																				E008E4D80(_t711, _t803, _t882);
																				__eflags = 0;
																				 *((short*)(_t882 + _t711)) = 0;
																				return _t835;
																			}
																		} else {
																			_t466 = _t802;
																			goto L159;
																		}
																	}
																}
															} else {
																_t461 = _t801;
																goto L152;
															}
														}
													}
												} else {
													_t586 = E008E25CF( &_v1432, 0, __eflags, _t585);
													_t912 = _t912 + 4;
													__eflags = _t586;
													if(__eflags == 0) {
														L145:
														E008E5D27(_t701, _t724, _t800, _t833, __eflags);
														goto L146;
													} else {
														_t241 = _t586 + 0x23; // 0x23
														_t860 = _t241 & 0xffffffe0;
														 *(_t860 - 4) = _t586;
														L118:
														_t580 = _t860 + _t833;
														_t833 = _t580;
														_v84 = _t580;
														_v100 = _t860;
														_v76 = _t860;
														_v68 = _t833;
														E008E3900(_t833, _t860, 0, _v88 + _v88);
														_v96 = _t860;
														_t912 = _t912 + 0xc;
														_v72 = _t833;
														goto L119;
													}
												}
											}
										}
									}
								} else {
									goto L25;
								}
							}
						}
					} else {
						_t699 = RegQueryValueExW(_v1240, L"Release", 0,  &(_v1208.dwXCountChars),  &_v268,  &(_v1208.dwYSize)); // executed
						if(_t699 != 0) {
							goto L64;
						} else {
							goto L3;
						}
					}
				}
			}




























































































































































































































































                                                      0x008e1160
                                                      0x008e1160
                                                      0x008e1161
                                                      0x008e1166
                                                      0x008e116c
                                                      0x008e1173
                                                      0x008e117a
                                                      0x008e117b
                                                      0x008e1188
                                                      0x008e1196
                                                      0x008e11a1
                                                      0x008e11a6
                                                      0x008e11a9
                                                      0x008e11bd
                                                      0x008e11d8
                                                      0x008e11dc
                                                      0x008e18b3
                                                      0x008e18b3
                                                      0x008e18b9
                                                      0x008e18be
                                                      0x00000000
                                                      0x008e18c4
                                                      0x008e18cb
                                                      0x008e18d0
                                                      0x008e18d8
                                                      0x008e18df
                                                      0x008e18e5
                                                      0x008e18e9
                                                      0x008e1907
                                                      0x008e1907
                                                      0x008e1907
                                                      0x008e1910
                                                      0x008e1918
                                                      0x008e191a
                                                      0x008e191c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1922
                                                      0x008e1926
                                                      0x008e1927
                                                      0x008e192a
                                                      0x00000000
                                                      0x008e192c
                                                      0x008e192c
                                                      0x008e1930
                                                      0x008e1932
                                                      0x008e1939
                                                      0x008e193e
                                                      0x008e1946
                                                      0x008e1948
                                                      0x008e1948
                                                      0x008e194c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e194e
                                                      0x008e1951
                                                      0x008e1951
                                                      0x008e1954
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1954
                                                      0x008e1956
                                                      0x008e1958
                                                      0x00000000
                                                      0x008e195a
                                                      0x008e195f
                                                      0x008e1965
                                                      0x008e1969
                                                      0x008e196c
                                                      0x00000000
                                                      0x008e196e
                                                      0x008e1971
                                                      0x008e197d
                                                      0x008e1987
                                                      0x008e198f
                                                      0x008e198f
                                                      0x008e1991
                                                      0x008e19a0
                                                      0x008e19a2
                                                      0x008e19a4
                                                      0x00000000
                                                      0x00000000
                                                      0x008e19a6
                                                      0x008e19a7
                                                      0x008e19aa
                                                      0x00000000
                                                      0x008e19ac
                                                      0x008e19ac
                                                      0x008e19ac
                                                      0x00000000
                                                      0x008e19aa
                                                      0x008e19bd
                                                      0x008e19bd
                                                      0x008e196c
                                                      0x008e1958
                                                      0x00000000
                                                      0x008e192a
                                                      0x008e19ca
                                                      0x008e18eb
                                                      0x008e18eb
                                                      0x008e18f2
                                                      0x008e18f6
                                                      0x008e18f8
                                                      0x00000000
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18fa
                                                      0x008e18f8
                                                      0x008e19ce
                                                      0x008e19ce
                                                      0x008e19d6
                                                      0x008e19dd
                                                      0x008e19e1
                                                      0x008e19fc
                                                      0x008e19fc
                                                      0x008e19fc
                                                      0x008e1a00
                                                      0x008e1a08
                                                      0x008e1a0a
                                                      0x008e1a0c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a12
                                                      0x008e1a16
                                                      0x008e1a17
                                                      0x008e1a1a
                                                      0x00000000
                                                      0x008e1a1c
                                                      0x008e1a1c
                                                      0x008e1a20
                                                      0x008e1a22
                                                      0x008e1a29
                                                      0x008e1a2b
                                                      0x008e1a33
                                                      0x008e1a38
                                                      0x008e1a38
                                                      0x008e1a3c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a3e
                                                      0x008e1a41
                                                      0x008e1a41
                                                      0x008e1a44
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a44
                                                      0x008e1a46
                                                      0x008e1a48
                                                      0x008e1a9c
                                                      0x008e1a9c
                                                      0x008e1a4a
                                                      0x008e1a4f
                                                      0x008e1a55
                                                      0x008e1a59
                                                      0x008e1a5c
                                                      0x00000000
                                                      0x008e1a5e
                                                      0x008e1a61
                                                      0x008e1a6d
                                                      0x008e1a77
                                                      0x008e1a7f
                                                      0x008e1a7f
                                                      0x008e1a81
                                                      0x008e1a90
                                                      0x008e1a92
                                                      0x008e1a94
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a96
                                                      0x008e1a97
                                                      0x008e1a9a
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1a9a
                                                      0x00000000
                                                      0x008e1a81
                                                      0x008e1a5c
                                                      0x008e1a48
                                                      0x00000000
                                                      0x008e1a1a
                                                      0x008e1aa3
                                                      0x008e1aa3
                                                      0x008e19e3
                                                      0x008e19e3
                                                      0x008e19ea
                                                      0x008e19ee
                                                      0x008e19f0
                                                      0x00000000
                                                      0x008e19f2
                                                      0x008e19f2
                                                      0x008e19f2
                                                      0x008e19f0
                                                      0x008e1aaa
                                                      0x008e1ab9
                                                      0x008e1ab9
                                                      0x008e1abc
                                                      0x008e1acd
                                                      0x008e1acd
                                                      0x008e1ad3
                                                      0x008e1ada
                                                      0x008e1add
                                                      0x00000000
                                                      0x008e1adf
                                                      0x008e1adf
                                                      0x008e1ae6
                                                      0x008e1aed
                                                      0x008e1aef
                                                      0x008e1af5
                                                      0x00000000
                                                      0x008e1af7
                                                      0x008e1af7
                                                      0x008e1afa
                                                      0x008e1b02
                                                      0x008e1b05
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1b05
                                                      0x008e1af5
                                                      0x008e1add
                                                      0x008e11e2
                                                      0x008e11f1
                                                      0x008e11f5
                                                      0x008e122b
                                                      0x008e122d
                                                      0x008e1238
                                                      0x008e1239
                                                      0x008e1245
                                                      0x008e1250
                                                      0x008e1258
                                                      0x008e126c
                                                      0x008e1271
                                                      0x008e1283
                                                      0x008e128b
                                                      0x008e1293
                                                      0x008e129a
                                                      0x008e12a2
                                                      0x008e12a7
                                                      0x008e12aa
                                                      0x008e12b0
                                                      0x008e12b0
                                                      0x008e12b3
                                                      0x008e12b6
                                                      0x008e12c6
                                                      0x008e12c7
                                                      0x008e12cc
                                                      0x008e12da
                                                      0x008e12de
                                                      0x008e12e5
                                                      0x008e139c
                                                      0x008e139c
                                                      0x008e139c
                                                      0x008e12eb
                                                      0x008e12fa
                                                      0x008e12ff
                                                      0x008e1302
                                                      0x008e1310
                                                      0x008e1310
                                                      0x008e1316
                                                      0x00000000
                                                      0x00000000
                                                      0x008e131b
                                                      0x008e131e
                                                      0x008e132c
                                                      0x00000000
                                                      0x008e132e
                                                      0x008e132e
                                                      0x008e1336
                                                      0x008e1339
                                                      0x008e1340
                                                      0x008e1340
                                                      0x008e1346
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1354
                                                      0x00000000
                                                      0x008e1356
                                                      0x008e1356
                                                      0x00000000
                                                      0x008e1356
                                                      0x00000000
                                                      0x008e1354
                                                      0x008e1396
                                                      0x008e1398
                                                      0x008e1398
                                                      0x00000000
                                                      0x008e132c
                                                      0x008e135b
                                                      0x008e135b
                                                      0x008e135e
                                                      0x008e1361
                                                      0x008e1363
                                                      0x008e1366
                                                      0x008e1370
                                                      0x008e1370
                                                      0x008e1370
                                                      0x008e1373
                                                      0x008e1378
                                                      0x008e1380
                                                      0x008e1380
                                                      0x008e1383
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1385
                                                      0x008e1388
                                                      0x008e1388
                                                      0x008e138b
                                                      0x00000000
                                                      0x008e138d
                                                      0x008e138d
                                                      0x008e138f
                                                      0x00000000
                                                      0x008e1391
                                                      0x008e1391
                                                      0x00000000
                                                      0x008e1391
                                                      0x008e138f
                                                      0x00000000
                                                      0x008e138b
                                                      0x00000000
                                                      0x008e1380
                                                      0x008e1370
                                                      0x008e139f
                                                      0x008e139f
                                                      0x008e13a3
                                                      0x008e13a6
                                                      0x008e13db
                                                      0x008e13db
                                                      0x008e13dd
                                                      0x008e13e5
                                                      0x008e13ec
                                                      0x008e13f4
                                                      0x008e13f9
                                                      0x008e1400
                                                      0x008e1400
                                                      0x008e1403
                                                      0x008e1406
                                                      0x008e1406
                                                      0x008e1416
                                                      0x008e1417
                                                      0x008e141c
                                                      0x008e1423
                                                      0x008e142b
                                                      0x008e1433
                                                      0x008e143c
                                                      0x008e1441
                                                      0x008e1446
                                                      0x008e1447
                                                      0x008e144c
                                                      0x008e144d
                                                      0x008e1455
                                                      0x008e145a
                                                      0x008e1461
                                                      0x008e1464
                                                      0x008e149c
                                                      0x008e149c
                                                      0x008e14a1
                                                      0x008e14a5
                                                      0x008e14ad
                                                      0x008e14b3
                                                      0x008e14bc
                                                      0x008e14bf
                                                      0x008e14f4
                                                      0x008e14f4
                                                      0x008e14f8
                                                      0x008e1500
                                                      0x008e1509
                                                      0x008e1511
                                                      0x008e1516
                                                      0x008e151b
                                                      0x008e152b
                                                      0x008e1530
                                                      0x008e1534
                                                      0x008e1536
                                                      0x008e153a
                                                      0x008e153e
                                                      0x008e1540
                                                      0x008e15ee
                                                      0x008e15ef
                                                      0x008e15f0
                                                      0x008e15f1
                                                      0x008e15fd
                                                      0x008e1604
                                                      0x008e1605
                                                      0x008e1546
                                                      0x008e1546
                                                      0x008e154e
                                                      0x008e1556
                                                      0x008e155b
                                                      0x008e155e
                                                      0x008e1565
                                                      0x008e1569
                                                      0x008e156d
                                                      0x008e1574
                                                      0x008e1576
                                                      0x008e158f
                                                      0x008e158f
                                                      0x008e1578
                                                      0x008e157b
                                                      0x008e157d
                                                      0x00000000
                                                      0x008e157f
                                                      0x008e157f
                                                      0x008e1581
                                                      0x008e158b
                                                      0x008e1583
                                                      0x008e1583
                                                      0x008e1583
                                                      0x008e1581
                                                      0x008e157d
                                                      0x008e15a7
                                                      0x008e15af
                                                      0x008e15bb
                                                      0x008e15e0
                                                      0x008e15e5
                                                      0x008e15e8
                                                      0x008e15e8
                                                      0x008e160a
                                                      0x008e160f
                                                      0x008e1614
                                                      0x008e1619
                                                      0x008e161f
                                                      0x008e1626
                                                      0x008e162d
                                                      0x008e1630
                                                      0x008e1636
                                                      0x008e163a
                                                      0x008e163c
                                                      0x008e163f
                                                      0x008e1673
                                                      0x008e1675
                                                      0x008e1676
                                                      0x008e1682
                                                      0x008e1689
                                                      0x008e168b
                                                      0x008e1641
                                                      0x008e1641
                                                      0x008e164a
                                                      0x008e164f
                                                      0x008e1657
                                                      0x008e165f
                                                      0x008e1664
                                                      0x008e1669
                                                      0x008e166d
                                                      0x008e166d
                                                      0x008e1690
                                                      0x008e1695
                                                      0x008e169d
                                                      0x008e16a2
                                                      0x008e16ab
                                                      0x008e16b2
                                                      0x008e16b9
                                                      0x008e16bc
                                                      0x008e16c0
                                                      0x008e16c3
                                                      0x008e16f8
                                                      0x008e16f8
                                                      0x008e16fe
                                                      0x008e1706
                                                      0x008e170e
                                                      0x008e1713
                                                      0x008e1716
                                                      0x008e174b
                                                      0x008e174b
                                                      0x008e1762
                                                      0x008e1776
                                                      0x008e1780
                                                      0x008e178f
                                                      0x008e1798
                                                      0x008e17a1
                                                      0x008e17aa
                                                      0x008e17b3
                                                      0x008e17bc
                                                      0x008e17c5
                                                      0x008e17ce
                                                      0x008e17d7
                                                      0x008e17df
                                                      0x008e17ee
                                                      0x008e17fb
                                                      0x008e1801
                                                      0x008e180a
                                                      0x008e180c
                                                      0x008e1813
                                                      0x008e1816
                                                      0x008e184e
                                                      0x008e184e
                                                      0x008e1857
                                                      0x008e1862
                                                      0x008e186d
                                                      0x008e1875
                                                      0x008e1878
                                                      0x008e1b11
                                                      0x008e1b1c
                                                      0x008e1b26
                                                      0x008e187e
                                                      0x008e187e
                                                      0x008e1885
                                                      0x008e188c
                                                      0x008e188e
                                                      0x008e1894
                                                      0x008e1b07
                                                      0x008e1b07
                                                      0x008e1b09
                                                      0x008e1b0e
                                                      0x00000000
                                                      0x008e189a
                                                      0x008e189a
                                                      0x008e189d
                                                      0x008e18a5
                                                      0x008e18a8
                                                      0x00000000
                                                      0x008e18ae
                                                      0x00000000
                                                      0x008e18ae
                                                      0x008e18a8
                                                      0x008e1894
                                                      0x008e1818
                                                      0x008e1818
                                                      0x008e181f
                                                      0x008e1826
                                                      0x008e1828
                                                      0x008e182e
                                                      0x008e1844
                                                      0x008e1844
                                                      0x008e1846
                                                      0x008e184b
                                                      0x00000000
                                                      0x008e1830
                                                      0x008e1830
                                                      0x008e1833
                                                      0x008e183b
                                                      0x008e183e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e183e
                                                      0x008e182e
                                                      0x008e1718
                                                      0x008e1718
                                                      0x008e171c
                                                      0x008e1723
                                                      0x008e1725
                                                      0x008e172b
                                                      0x008e1741
                                                      0x008e1741
                                                      0x008e1743
                                                      0x008e1748
                                                      0x00000000
                                                      0x008e172d
                                                      0x008e172d
                                                      0x008e1730
                                                      0x008e1738
                                                      0x008e173b
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e173b
                                                      0x008e172b
                                                      0x008e16c5
                                                      0x008e16c5
                                                      0x008e16c9
                                                      0x008e16d0
                                                      0x008e16d2
                                                      0x008e16d8
                                                      0x008e16ee
                                                      0x008e16ee
                                                      0x008e16f0
                                                      0x008e16f5
                                                      0x00000000
                                                      0x008e16da
                                                      0x008e16da
                                                      0x008e16dd
                                                      0x008e16e5
                                                      0x008e16e8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e16e8
                                                      0x008e16d8
                                                      0x008e14c1
                                                      0x008e14c1
                                                      0x008e14c5
                                                      0x008e14cc
                                                      0x008e14ce
                                                      0x008e14d4
                                                      0x008e14ea
                                                      0x008e14ea
                                                      0x008e14ec
                                                      0x008e14f1
                                                      0x00000000
                                                      0x008e14d6
                                                      0x008e14d6
                                                      0x008e14d9
                                                      0x008e14e1
                                                      0x008e14e4
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e14e4
                                                      0x008e14d4
                                                      0x008e1466
                                                      0x008e1466
                                                      0x008e146d
                                                      0x008e1474
                                                      0x008e1476
                                                      0x008e147c
                                                      0x008e1492
                                                      0x008e1492
                                                      0x008e1494
                                                      0x008e1499
                                                      0x00000000
                                                      0x008e147e
                                                      0x008e147e
                                                      0x008e1481
                                                      0x008e1489
                                                      0x008e148c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e148c
                                                      0x008e147c
                                                      0x008e13a8
                                                      0x008e13a8
                                                      0x008e13ac
                                                      0x008e13b3
                                                      0x008e13b5
                                                      0x008e13bb
                                                      0x008e13d1
                                                      0x008e13d1
                                                      0x008e13d3
                                                      0x008e13d8
                                                      0x00000000
                                                      0x008e13bd
                                                      0x008e13bd
                                                      0x008e13c0
                                                      0x008e13c8
                                                      0x008e13cb
                                                      0x008e1b29
                                                      0x008e1b2e
                                                      0x008e1b2e
                                                      0x008e1b33
                                                      0x008e1b33
                                                      0x008e1b38
                                                      0x008e1b38
                                                      0x008e1b3d
                                                      0x008e1b3e
                                                      0x008e1b3f
                                                      0x008e1b41
                                                      0x008e1b49
                                                      0x008e1b50
                                                      0x008e1b54
                                                      0x008e1b65
                                                      0x008e1b68
                                                      0x008e1b6d
                                                      0x008e1b6f
                                                      0x008e1b78
                                                      0x008e1b7e
                                                      0x008e1b80
                                                      0x008e1b83
                                                      0x008e1b86
                                                      0x008e1b8e
                                                      0x008e1b9b
                                                      0x008e1ba2
                                                      0x008e1ba9
                                                      0x008e1bb0
                                                      0x008e1bb4
                                                      0x008e1bbc
                                                      0x008e1bcc
                                                      0x008e1bd4
                                                      0x008e1bdb
                                                      0x008e1bde
                                                      0x008e1be1
                                                      0x008e1be6
                                                      0x008e1be8
                                                      0x008e1beb
                                                      0x008e1bed
                                                      0x008e1bf0
                                                      0x008e1bf3
                                                      0x008e1bf6
                                                      0x008e1bf9
                                                      0x008e1bfc
                                                      0x008e1bff
                                                      0x008e1c01
                                                      0x008e1c7e
                                                      0x008e1c81
                                                      0x008e1c87
                                                      0x008e1c8d
                                                      0x008e1c93
                                                      0x008e1c95
                                                      0x008e1dfa
                                                      0x008e1dfa
                                                      0x008e1dff
                                                      0x008e1e01
                                                      0x008e1e06
                                                      0x008e1e0d
                                                      0x008e1e14
                                                      0x008e1e19
                                                      0x008e1e1e
                                                      0x008e1e20
                                                      0x008e1e4b
                                                      0x008e1e4b
                                                      0x008e1e4e
                                                      0x008e1e51
                                                      0x00000000
                                                      0x008e1e53
                                                      0x008e1e53
                                                      0x008e1e56
                                                      0x008e1e5d
                                                      0x008e1e5f
                                                      0x008e1e65
                                                      0x00000000
                                                      0x008e1e6b
                                                      0x008e1e6b
                                                      0x008e1e6e
                                                      0x008e1e76
                                                      0x008e1e79
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1e79
                                                      0x008e1e65
                                                      0x008e1e22
                                                      0x008e1e24
                                                      0x008e1e26
                                                      0x008e1e29
                                                      0x008e1e2f
                                                      0x008e1e41
                                                      0x008e1e41
                                                      0x008e1e43
                                                      0x008e1e48
                                                      0x00000000
                                                      0x008e1e31
                                                      0x008e1e31
                                                      0x008e1e34
                                                      0x008e1e3c
                                                      0x008e1e3f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1e3f
                                                      0x008e1e2f
                                                      0x008e1c9b
                                                      0x008e1c9e
                                                      0x008e1ca1
                                                      0x008e1ca1
                                                      0x008e1ca5
                                                      0x00000000
                                                      0x008e1cab
                                                      0x008e1cab
                                                      0x008e1caf
                                                      0x00000000
                                                      0x008e1cb5
                                                      0x008e1cb5
                                                      0x008e1cba
                                                      0x008e1cc0
                                                      0x008e1cc0
                                                      0x008e1cc3
                                                      0x008e1cc6
                                                      0x008e1cc6
                                                      0x008e1cd0
                                                      0x008e1cd1
                                                      0x008e1cd5
                                                      0x008e1cda
                                                      0x008e1ce1
                                                      0x008e1ce7
                                                      0x008e1cea
                                                      0x008e1cf0
                                                      0x008e1cf6
                                                      0x008e1cf9
                                                      0x008e1cff
                                                      0x008e1d02
                                                      0x008e1d05
                                                      0x008e1d07
                                                      0x008e1d09
                                                      0x008e1d09
                                                      0x008e1d09
                                                      0x008e1d0c
                                                      0x008e1d10
                                                      0x008e1d19
                                                      0x008e1d1d
                                                      0x008e1d20
                                                      0x008e1d23
                                                      0x008e1d23
                                                      0x008e1d28
                                                      0x008e1d2b
                                                      0x008e1d2b
                                                      0x008e1d2e
                                                      0x008e1d32
                                                      0x00000000
                                                      0x008e1d38
                                                      0x008e1d38
                                                      0x008e1d3b
                                                      0x008e1d3d
                                                      0x008e1d41
                                                      0x008e1d45
                                                      0x008e1d4c
                                                      0x008e1d53
                                                      0x008e1d56
                                                      0x008e1d5b
                                                      0x008e1d60
                                                      0x008e1d67
                                                      0x008e1d6e
                                                      0x008e1d70
                                                      0x008e1ddc
                                                      0x008e1ddf
                                                      0x008e1dec
                                                      0x008e1df9
                                                      0x008e1d72
                                                      0x008e1d74
                                                      0x008e1d76
                                                      0x008e1d79
                                                      0x008e1d7f
                                                      0x008e1d95
                                                      0x008e1d95
                                                      0x008e1d97
                                                      0x008e1d9c
                                                      0x008e1d9f
                                                      0x008e1da2
                                                      0x008e1da5
                                                      0x008e1dd9
                                                      0x00000000
                                                      0x008e1da7
                                                      0x008e1da7
                                                      0x008e1daa
                                                      0x008e1db1
                                                      0x008e1db3
                                                      0x008e1db9
                                                      0x008e1dcf
                                                      0x008e1dcf
                                                      0x008e1dd1
                                                      0x00000000
                                                      0x008e1dbb
                                                      0x008e1dbb
                                                      0x008e1dbe
                                                      0x008e1dc6
                                                      0x008e1dc9
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1dc9
                                                      0x008e1db9
                                                      0x008e1d81
                                                      0x008e1d81
                                                      0x008e1d84
                                                      0x008e1d8c
                                                      0x008e1d8f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1d8f
                                                      0x008e1d7f
                                                      0x008e1d70
                                                      0x008e1d32
                                                      0x008e1caf
                                                      0x008e1ca5
                                                      0x008e1c03
                                                      0x008e1c03
                                                      0x008e1c08
                                                      0x008e1e84
                                                      0x008e1e84
                                                      0x00000000
                                                      0x008e1c0e
                                                      0x008e1c0e
                                                      0x008e1c11
                                                      0x008e1c17
                                                      0x008e1c40
                                                      0x008e1c42
                                                      0x008e1c51
                                                      0x008e1c51
                                                      0x008e1c44
                                                      0x008e1c45
                                                      0x008e1c4a
                                                      0x008e1c4d
                                                      0x008e1c4d
                                                      0x00000000
                                                      0x008e1c19
                                                      0x008e1c19
                                                      0x008e1c19
                                                      0x008e1c1c
                                                      0x008e1c1e
                                                      0x008e1e89
                                                      0x008e1e89
                                                      0x008e1e8e
                                                      0x008e1e8f
                                                      0x008e1e90
                                                      0x008e1e91
                                                      0x008e1e93
                                                      0x008e1e95
                                                      0x008e1e97
                                                      0x008e1ed9
                                                      0x008e1eda
                                                      0x008e1e99
                                                      0x008e1e9e
                                                      0x008e1ea1
                                                      0x008e1ea7
                                                      0x008e1ebb
                                                      0x008e1ebb
                                                      0x008e1ebd
                                                      0x008e1ec2
                                                      0x008e1ecb
                                                      0x008e1ed2
                                                      0x00000000
                                                      0x008e1ea9
                                                      0x008e1ea9
                                                      0x008e1eac
                                                      0x008e1eb4
                                                      0x008e1eb7
                                                      0x008e1edb
                                                      0x008e1ee0
                                                      0x008e1ee1
                                                      0x008e1ee2
                                                      0x008e1ee3
                                                      0x008e1ee4
                                                      0x008e1ee5
                                                      0x008e1ee6
                                                      0x008e1ee7
                                                      0x008e1ee8
                                                      0x008e1ee9
                                                      0x008e1eea
                                                      0x008e1eeb
                                                      0x008e1eec
                                                      0x008e1eed
                                                      0x008e1eee
                                                      0x008e1eef
                                                      0x008e1ef0
                                                      0x008e1ef1
                                                      0x008e1ef3
                                                      0x008e1ef6
                                                      0x008e1ef9
                                                      0x008e1f28
                                                      0x008e1f28
                                                      0x008e1f2a
                                                      0x008e1f31
                                                      0x008e1f38
                                                      0x008e1f3c
                                                      0x008e1efb
                                                      0x008e1efb
                                                      0x008e1efd
                                                      0x008e1f04
                                                      0x008e1f0a
                                                      0x008e1f1e
                                                      0x008e1f1e
                                                      0x008e1f20
                                                      0x00000000
                                                      0x008e1f0c
                                                      0x008e1f0c
                                                      0x008e1f0f
                                                      0x008e1f17
                                                      0x008e1f1a
                                                      0x008e1f3d
                                                      0x008e1f42
                                                      0x008e1f43
                                                      0x008e1f44
                                                      0x008e1f45
                                                      0x008e1f46
                                                      0x008e1f47
                                                      0x008e1f48
                                                      0x008e1f49
                                                      0x008e1f4a
                                                      0x008e1f4b
                                                      0x008e1f4c
                                                      0x008e1f4d
                                                      0x008e1f4e
                                                      0x008e1f4f
                                                      0x008e1f50
                                                      0x008e1f51
                                                      0x008e1f53
                                                      0x008e1f56
                                                      0x008e1f59
                                                      0x008e1f5c
                                                      0x008e1f5d
                                                      0x008e1f5e
                                                      0x008e1f5f
                                                      0x008e1f61
                                                      0x008e1f64
                                                      0x008e1f67
                                                      0x008e1f6a
                                                      0x008e1f6d
                                                      0x008e1f6f
                                                      0x008e1f9c
                                                      0x008e1fa1
                                                      0x008e209a
                                                      0x008e209a
                                                      0x00000000
                                                      0x008e1fa7
                                                      0x008e1fa9
                                                      0x008e1fac
                                                      0x008e1fb2
                                                      0x008e1fc7
                                                      0x008e1fcb
                                                      0x008e1fcd
                                                      0x008e1fdb
                                                      0x008e1fde
                                                      0x008e1fe0
                                                      0x008e1fe3
                                                      0x008e1fe3
                                                      0x008e1fe6
                                                      0x008e1feb
                                                      0x00000000
                                                      0x008e1ff1
                                                      0x008e1ff1
                                                      0x008e1ff3
                                                      0x008e1ff8
                                                      0x008e2021
                                                      0x008e2023
                                                      0x008e2032
                                                      0x008e2032
                                                      0x008e2025
                                                      0x008e2026
                                                      0x008e202b
                                                      0x008e202e
                                                      0x008e202e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1ff8
                                                      0x008e1fcf
                                                      0x008e1fcf
                                                      0x008e1fd4
                                                      0x00000000
                                                      0x008e1fd4
                                                      0x008e1fb4
                                                      0x008e1fb4
                                                      0x008e1fb9
                                                      0x008e1ffa
                                                      0x008e1ffa
                                                      0x008e1ffa
                                                      0x008e1ffd
                                                      0x008e1fff
                                                      0x008e2095
                                                      0x008e2095
                                                      0x00000000
                                                      0x008e2005
                                                      0x008e2006
                                                      0x008e200b
                                                      0x008e200e
                                                      0x008e2010
                                                      0x008e209f
                                                      0x008e209f
                                                      0x008e20a4
                                                      0x008e20a5
                                                      0x008e20a6
                                                      0x008e20a7
                                                      0x008e20a8
                                                      0x008e20a9
                                                      0x008e20aa
                                                      0x008e20ab
                                                      0x008e20ac
                                                      0x008e20ad
                                                      0x008e20ae
                                                      0x008e20af
                                                      0x008e20b0
                                                      0x008e20b5
                                                      0x008e20ba
                                                      0x008e20bb
                                                      0x008e20bc
                                                      0x008e20bd
                                                      0x008e20be
                                                      0x008e20bf
                                                      0x008e20c0
                                                      0x008e20c1
                                                      0x008e20c3
                                                      0x008e20c9
                                                      0x008e20cc
                                                      0x008e20cd
                                                      0x008e20cf
                                                      0x008e20d2
                                                      0x008e20d7
                                                      0x008e20da
                                                      0x008e20df
                                                      0x008e20e2
                                                      0x008e20e3
                                                      0x008e20e5
                                                      0x008e2220
                                                      0x008e2220
                                                      0x00000000
                                                      0x008e20eb
                                                      0x008e20eb
                                                      0x008e20ee
                                                      0x008e20f3
                                                      0x008e20f6
                                                      0x008e20f9
                                                      0x008e20fc
                                                      0x008e20fe
                                                      0x008e2106
                                                      0x008e210a
                                                      0x008e210c
                                                      0x008e2115
                                                      0x008e2117
                                                      0x008e2119
                                                      0x008e2119
                                                      0x008e210e
                                                      0x008e210e
                                                      0x008e210e
                                                      0x008e2100
                                                      0x008e2100
                                                      0x008e2100
                                                      0x008e2128
                                                      0x008e212a
                                                      0x008e2130
                                                      0x008e221b
                                                      0x008e221b
                                                      0x00000000
                                                      0x008e2136
                                                      0x008e2136
                                                      0x008e2138
                                                      0x008e213e
                                                      0x008e2167
                                                      0x008e2169
                                                      0x008e2178
                                                      0x008e2178
                                                      0x008e216b
                                                      0x008e216c
                                                      0x008e2171
                                                      0x008e2174
                                                      0x008e2174
                                                      0x00000000
                                                      0x008e2140
                                                      0x008e2140
                                                      0x008e2140
                                                      0x008e2143
                                                      0x008e2145
                                                      0x00000000
                                                      0x008e214b
                                                      0x008e214c
                                                      0x008e2151
                                                      0x008e2154
                                                      0x008e2156
                                                      0x008e2225
                                                      0x008e2225
                                                      0x008e222a
                                                      0x008e222b
                                                      0x008e222c
                                                      0x008e222d
                                                      0x008e222e
                                                      0x008e222f
                                                      0x008e2230
                                                      0x008e2233
                                                      0x008e2236
                                                      0x008e2239
                                                      0x008e223a
                                                      0x008e223c
                                                      0x008e2241
                                                      0x008e2244
                                                      0x008e2245
                                                      0x008e224a
                                                      0x008e224d
                                                      0x008e224f
                                                      0x008e23a3
                                                      0x008e23a3
                                                      0x00000000
                                                      0x008e2255
                                                      0x008e2255
                                                      0x008e2258
                                                      0x008e225d
                                                      0x008e2260
                                                      0x008e2263
                                                      0x008e2266
                                                      0x008e2268
                                                      0x008e2270
                                                      0x008e2274
                                                      0x008e2276
                                                      0x008e227f
                                                      0x008e2281
                                                      0x008e2283
                                                      0x008e2283
                                                      0x008e2278
                                                      0x008e2278
                                                      0x008e2278
                                                      0x008e226a
                                                      0x008e226a
                                                      0x008e226a
                                                      0x008e2292
                                                      0x008e2294
                                                      0x008e229a
                                                      0x008e239e
                                                      0x008e239e
                                                      0x00000000
                                                      0x008e22a0
                                                      0x008e22a0
                                                      0x008e22a2
                                                      0x008e22a8
                                                      0x008e22d1
                                                      0x008e22d3
                                                      0x008e22e2
                                                      0x008e22e2
                                                      0x008e22d5
                                                      0x008e22d6
                                                      0x008e22db
                                                      0x008e22de
                                                      0x008e22de
                                                      0x00000000
                                                      0x008e22aa
                                                      0x008e22aa
                                                      0x008e22aa
                                                      0x008e22ad
                                                      0x008e22af
                                                      0x00000000
                                                      0x008e22b5
                                                      0x008e22b6
                                                      0x008e22bb
                                                      0x008e22be
                                                      0x008e22c0
                                                      0x008e23a8
                                                      0x008e23a8
                                                      0x008e23ad
                                                      0x008e23ae
                                                      0x008e23b4
                                                      0x008e23b4
                                                      0x008e23b4
                                                      0x008e23b8
                                                      0x008e23bf
                                                      0x008e23c5
                                                      0x008e22c6
                                                      0x008e22c6
                                                      0x008e22c9
                                                      0x008e22cc
                                                      0x008e22e4
                                                      0x008e22e7
                                                      0x008e22ed
                                                      0x008e22f0
                                                      0x008e22f3
                                                      0x008e22f9
                                                      0x008e22fc
                                                      0x008e22fd
                                                      0x008e2303
                                                      0x008e2307
                                                      0x008e230d
                                                      0x008e2310
                                                      0x008e2371
                                                      0x008e2372
                                                      0x008e2373
                                                      0x008e2381
                                                      0x008e238c
                                                      0x008e238e
                                                      0x008e2394
                                                      0x008e239b
                                                      0x008e2312
                                                      0x008e2312
                                                      0x008e2314
                                                      0x008e2315
                                                      0x008e2316
                                                      0x008e2326
                                                      0x008e2333
                                                      0x008e2339
                                                      0x008e2340
                                                      0x008e2346
                                                      0x008e235a
                                                      0x008e235a
                                                      0x008e235c
                                                      0x008e2364
                                                      0x008e236e
                                                      0x008e2348
                                                      0x008e2348
                                                      0x008e234b
                                                      0x008e2350
                                                      0x008e2353
                                                      0x008e2356
                                                      0x00000000
                                                      0x008e2358
                                                      0x008e2358
                                                      0x00000000
                                                      0x008e2358
                                                      0x008e2356
                                                      0x008e2346
                                                      0x008e2310
                                                      0x008e22c0
                                                      0x008e22af
                                                      0x008e22a8
                                                      0x008e229a
                                                      0x008e215c
                                                      0x008e215c
                                                      0x008e215f
                                                      0x008e2162
                                                      0x008e217a
                                                      0x008e217d
                                                      0x008e2183
                                                      0x008e2185
                                                      0x008e2188
                                                      0x008e218f
                                                      0x008e2190
                                                      0x008e2196
                                                      0x008e219d
                                                      0x008e21a0
                                                      0x008e21a1
                                                      0x008e21fc
                                                      0x008e2206
                                                      0x008e220e
                                                      0x008e2218
                                                      0x008e21a3
                                                      0x008e21a3
                                                      0x008e21a5
                                                      0x008e21b9
                                                      0x008e21c1
                                                      0x008e21c4
                                                      0x008e21cb
                                                      0x008e21d1
                                                      0x008e21e5
                                                      0x008e21e5
                                                      0x008e21e7
                                                      0x008e21ef
                                                      0x008e21f9
                                                      0x008e21d3
                                                      0x008e21d3
                                                      0x008e21d6
                                                      0x008e21d9
                                                      0x008e21de
                                                      0x008e21e1
                                                      0x00000000
                                                      0x008e21e3
                                                      0x008e21e3
                                                      0x00000000
                                                      0x008e21e3
                                                      0x008e21e1
                                                      0x008e21d1
                                                      0x008e21a1
                                                      0x008e2156
                                                      0x008e2145
                                                      0x008e213e
                                                      0x008e2130
                                                      0x008e2016
                                                      0x008e2016
                                                      0x008e2019
                                                      0x008e201c
                                                      0x008e2034
                                                      0x008e2034
                                                      0x008e2037
                                                      0x008e203a
                                                      0x008e203d
                                                      0x008e2045
                                                      0x008e204c
                                                      0x008e204f
                                                      0x008e2053
                                                      0x008e2056
                                                      0x008e2059
                                                      0x008e2088
                                                      0x008e2088
                                                      0x008e2092
                                                      0x008e205b
                                                      0x008e205b
                                                      0x008e2062
                                                      0x008e2064
                                                      0x008e206a
                                                      0x008e207e
                                                      0x008e207e
                                                      0x008e2080
                                                      0x00000000
                                                      0x008e206c
                                                      0x008e206c
                                                      0x008e206f
                                                      0x008e2077
                                                      0x008e207a
                                                      0x00000000
                                                      0x008e207c
                                                      0x008e207c
                                                      0x00000000
                                                      0x008e207c
                                                      0x008e207a
                                                      0x008e206a
                                                      0x008e2059
                                                      0x008e2010
                                                      0x008e1fff
                                                      0x008e1fb2
                                                      0x008e1f71
                                                      0x008e1f71
                                                      0x008e1f73
                                                      0x008e1f76
                                                      0x008e1f78
                                                      0x008e1f78
                                                      0x008e1f7a
                                                      0x008e1f7d
                                                      0x008e1f83
                                                      0x008e1f8b
                                                      0x008e1f8d
                                                      0x008e1f99
                                                      0x008e1f99
                                                      0x008e1f1c
                                                      0x008e1f1c
                                                      0x00000000
                                                      0x008e1f1c
                                                      0x008e1f1a
                                                      0x008e1f0a
                                                      0x008e1eb9
                                                      0x008e1eb9
                                                      0x00000000
                                                      0x008e1eb9
                                                      0x008e1eb7
                                                      0x008e1ea7
                                                      0x008e1c24
                                                      0x008e1c25
                                                      0x008e1c2a
                                                      0x008e1c2d
                                                      0x008e1c2f
                                                      0x008e1e7f
                                                      0x008e1e7f
                                                      0x00000000
                                                      0x008e1c35
                                                      0x008e1c35
                                                      0x008e1c38
                                                      0x008e1c3b
                                                      0x008e1c53
                                                      0x008e1c56
                                                      0x008e1c59
                                                      0x008e1c5b
                                                      0x008e1c5e
                                                      0x008e1c61
                                                      0x008e1c67
                                                      0x008e1c6e
                                                      0x008e1c75
                                                      0x008e1c78
                                                      0x008e1c7b
                                                      0x00000000
                                                      0x008e1c7b
                                                      0x008e1c2f
                                                      0x008e1c1e
                                                      0x008e1c17
                                                      0x008e1c08
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e13cb
                                                      0x008e13bb
                                                      0x008e11f7
                                                      0x008e121d
                                                      0x008e1225
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e1225
                                                      0x008e11f5

                                                      APIs
                                                      • CreateMutexW.KERNELBASE(00000000,00000000,// {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}), ref: 008E11BD
                                                      • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,?), ref: 008E11D8
                                                      • RegOpenKeyW.ADVAPI32(80000002,SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full,?), ref: 008E11F1
                                                      • RegQueryValueExW.KERNELBASE(?,Release,00000000,?,?,000000FF), ref: 008E121D
                                                      • GetModuleFileNameW.KERNEL32(00000000,?,00000104,?,?,?,000000FF,?,73AFF5D0), ref: 008E1283
                                                      • GetLastError.KERNEL32 ref: 008E18B3
                                                      • MessageBoxW.USER32(00000000,00000000,?,00000031), ref: 008E1AB3
                                                      • ShellExecuteW.SHELL32(-00000001,open,https://go.microsoft.com/fwlink/?linkid=2134832,-00000001,-00000001,00000001), ref: 008E1ACD
                                                      Strings
                                                      • This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wal, xrefs: 008E19F2, 008E1A9C, 008E1AB0
                                                      • StartupInstaller.exe - This installer could not be started., xrefs: 008E18FA, 008E19AC
                                                      • open, xrefs: 008E1AC7
                                                      • SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full, xrefs: 008E11CE, 008E11E7
                                                      • L%u, xrefs: 008E1ACD
                                                      • Release, xrefs: 008E1211
                                                      • https://go.microsoft.com/fwlink/?linkid=2134832, xrefs: 008E1AC2
                                                      • // {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}, xrefs: 008E11B4
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: Open$CreateErrorExecuteFileLastMessageModuleMutexNameQueryShellValue
                                                      • String ID: // {9D255ADC-2EB7-47F7-8DE0-7B2F4F9D9EB2}$Release$SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full$StartupInstaller.exe - This installer could not be started.$This installer requires .Net Framework v4.6 or higher. Please install the required .Net Framework and then try to install Bing Wal$https://go.microsoft.com/fwlink/?linkid=2134832$open$L%u
                                                      • API String ID: 1897639989-3238776581
                                                      • Opcode ID: 72697d208684f232a218b554ba676efdb1f980d1ea3870f2bd2dc3746354aa81
                                                      • Instruction ID: 9bb316c204253fdcad60d5ece42322815f097bf54df011c2968a93f876ee32bb
                                                      • Opcode Fuzzy Hash: 72697d208684f232a218b554ba676efdb1f980d1ea3870f2bd2dc3746354aa81
                                                      • Instruction Fuzzy Hash: 6071B2702083849EDB30DB25CC49BBAB7E8FF95704F40092DEA88D6292E774A944CB56
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E2D9A() {
				_Unknown_base(*)()* _t1;

				_t1 = SetUnhandledExceptionFilter(E008E2DA6); // executed
				return _t1;
			}




                                                      0x008e2d9f
                                                      0x008e2da5

                                                      APIs
                                                      • SetUnhandledExceptionFilter.KERNELBASE(Function_00002DA6,008E26E8), ref: 008E2D9F
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled
                                                      • String ID:
                                                      • API String ID: 3192549508-0
                                                      • Opcode ID: 9e799239943017f529e52033e5bb658b816b3b68b240f3a8d925e6abddf199ae
                                                      • Instruction ID: 5866b83c07b8fa4651eab72687dee77fcb2bddcf89c00d7753f1e9c622dc8626
                                                      • Opcode Fuzzy Hash: 9e799239943017f529e52033e5bb658b816b3b68b240f3a8d925e6abddf199ae
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E631D(void* __eax, void* __ebx, void* __ecx, void* __edx) {

				 *((intOrPtr*)(__ebx + __eax + 0x33)) =  *((intOrPtr*)(__ebx + __eax + 0x33)) + __edx;
			}



                                                      0x008e6322

                                                      APIs
                                                        • Part of subcall function 008E8F04: GetEnvironmentStringsW.KERNEL32 ref: 008E8F0D
                                                        • Part of subcall function 008E8F04: _free.LIBCMT ref: 008E8F6C
                                                        • Part of subcall function 008E8F04: FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008E8F7B
                                                      • _free.LIBCMT ref: 008E635D
                                                      • _free.LIBCMT ref: 008E6364
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$EnvironmentStrings$Free
                                                      • String ID:
                                                      • API String ID: 2490078468-0
                                                      • Opcode ID: ddf7be61338e8881112e03a961d742ee0bf4d5c94b5cc6a4d7e4ff57a6d56732
                                                      • Instruction ID: f41f661cdd128032c06ba6ff1123e5847cf37812b09755ccac41afc937372f61
                                                      • Opcode Fuzzy Hash: ddf7be61338e8881112e03a961d742ee0bf4d5c94b5cc6a4d7e4ff57a6d56732
                                                      • Instruction Fuzzy Hash: 3AE0E5279099D049E721662FBC2156D5241FBA33B4B11121BF824C72C2EE60C8121257
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 91%
                                                      			E008E8FB9(void* __edi, void* __eflags) {
				intOrPtr _v12;
				void* __ecx;
				char _t17;
				void* _t18;
				void* _t27;
				intOrPtr* _t32;
				char _t35;
				void* _t37;

				_push(_t27);
				_push(_t27);
				_t17 = E008E7AC3(_t27, 0x40, 0x38); // executed
				_t35 = _t17;
				_v12 = _t35;
				if(_t35 != 0) {
					_t2 = _t35 + 0xe00; // 0xe00
					_t18 = _t2;
					__eflags = _t35 - _t18;
					if(__eflags != 0) {
						_t3 = _t35 + 0x20; // 0x20
						_t32 = _t3;
						_t37 = _t18;
						do {
							_t4 = _t32 - 0x20; // 0x0
							E008E9E78(__eflags, _t4, 0xfa0, 0);
							 *(_t32 - 8) =  *(_t32 - 8) | 0xffffffff;
							 *_t32 = 0;
							_t32 = _t32 + 0x38;
							 *((intOrPtr*)(_t32 - 0x34)) = 0;
							 *((intOrPtr*)(_t32 - 0x30)) = 0xa0a0000;
							 *((char*)(_t32 - 0x2c)) = 0xa;
							 *(_t32 - 0x2b) =  *(_t32 - 0x2b) & 0x000000f8;
							 *((intOrPtr*)(_t32 - 0x2a)) = 0;
							 *((char*)(_t32 - 0x26)) = 0;
							__eflags = _t32 - 0x20 - _t37;
						} while (__eflags != 0);
						_t35 = _v12;
					}
				} else {
					_t35 = 0;
				}
				E008E7B20(0);
				return _t35;
			}











                                                      0x008e8fbe
                                                      0x008e8fbf
                                                      0x008e8fc6
                                                      0x008e8fcb
                                                      0x008e8fcf
                                                      0x008e8fd6
                                                      0x008e8fdc
                                                      0x008e8fdc
                                                      0x008e8fe2
                                                      0x008e8fe4
                                                      0x008e8fe7
                                                      0x008e8fe7
                                                      0x008e8fea
                                                      0x008e8fec
                                                      0x008e8ff2
                                                      0x008e8ff6
                                                      0x008e8ffb
                                                      0x008e8fff
                                                      0x008e9001
                                                      0x008e9004
                                                      0x008e900a
                                                      0x008e9011
                                                      0x008e9015
                                                      0x008e9019
                                                      0x008e901c
                                                      0x008e901f
                                                      0x008e901f
                                                      0x008e9023
                                                      0x008e9026
                                                      0x008e8fd8
                                                      0x008e8fd8
                                                      0x008e8fd8
                                                      0x008e9028
                                                      0x008e9033

                                                      APIs
                                                        • Part of subcall function 008E7AC3: RtlAllocateHeap.NTDLL(00000008,?,00000000,?,008E78CB,00000001,00000364,00000006,000000FF,?,?,008E3465,?), ref: 008E7B04
                                                      • _free.LIBCMT ref: 008E9028
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: AllocateHeap_free
                                                      • String ID:
                                                      • API String ID: 614378929-0
                                                      • Opcode ID: b738d95f3b69ef2d66fbd2923e63bd2f098e0f7e861d0d1deb6b0451ad9a20d4
                                                      • Instruction ID: 7b44944b8e88e61b9fd2f7282ba24cf65bf5385fc47cea12a5b438d8312a7ed5
                                                      • Opcode Fuzzy Hash: b738d95f3b69ef2d66fbd2923e63bd2f098e0f7e861d0d1deb6b0451ad9a20d4
                                                      • Instruction Fuzzy Hash: 0701F972604396AFC321CF59D88199EFB98FB06370F550629F545E76C0D7B06D10CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 95%
                                                      			E008E7AC3(void* __ecx, signed int _a4, signed int _a8) {
				void* _t8;
				void* _t12;
				signed int _t13;
				void* _t15;
				signed int _t18;
				long _t19;

				_t15 = __ecx;
				_t18 = _a4;
				if(_t18 == 0) {
					L2:
					_t19 = _t18 * _a8;
					if(_t19 == 0) {
						_t19 = _t19 + 1;
					}
					while(1) {
						_t8 = RtlAllocateHeap( *0x902338, 8, _t19); // executed
						if(_t8 != 0) {
							break;
						}
						__eflags = E008E69E2();
						if(__eflags == 0) {
							L8:
							 *((intOrPtr*)(E008E7185(__eflags))) = 0xc;
							__eflags = 0;
							return 0;
						}
						_t12 = E008E5D87(_t15, __eflags, _t19);
						_pop(_t15);
						__eflags = _t12;
						if(__eflags == 0) {
							goto L8;
						}
					}
					return _t8;
				}
				_t13 = 0xffffffe0;
				if(_t13 / _t18 < _a8) {
					goto L8;
				}
				goto L2;
			}









                                                      0x008e7ac3
                                                      0x008e7ac9
                                                      0x008e7ace
                                                      0x008e7adc
                                                      0x008e7adc
                                                      0x008e7ae2
                                                      0x008e7ae4
                                                      0x008e7ae4
                                                      0x008e7afb
                                                      0x008e7b04
                                                      0x008e7b0c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7aec
                                                      0x008e7aee
                                                      0x008e7b10
                                                      0x008e7b15
                                                      0x008e7b1b
                                                      0x00000000
                                                      0x008e7b1b
                                                      0x008e7af1
                                                      0x008e7af6
                                                      0x008e7af7
                                                      0x008e7af9
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7af9
                                                      0x00000000
                                                      0x008e7afb
                                                      0x008e7ad4
                                                      0x008e7ada
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • RtlAllocateHeap.NTDLL(00000008,?,00000000,?,008E78CB,00000001,00000364,00000006,000000FF,?,?,008E3465,?), ref: 008E7B04
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: AllocateHeap
                                                      • String ID:
                                                      • API String ID: 1279760036-0
                                                      • Opcode ID: a4d0fc6021a8933ec5c970094784efe515a538f75fd23958b5f0269415f6d5ac
                                                      • Instruction ID: b9ca397ffdc752d1de056d188d72510f250e59d7a7bea1fa52a1748d4f22dbc3
                                                      • Opcode Fuzzy Hash: a4d0fc6021a8933ec5c970094784efe515a538f75fd23958b5f0269415f6d5ac
                                                      • Instruction Fuzzy Hash: 08F0B431A0C6B46BDB216B379C15B5E3758FF83770B144431F808D6091CB60DD5056E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Download Yara Rule
                                                      C-Code - Quality: 76%
                                                      			E008E5B6B(intOrPtr __ebx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v0;
				signed int _v8;
				intOrPtr _v524;
				intOrPtr _v528;
				void* _v532;
				intOrPtr _v536;
				char _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				intOrPtr _v572;
				intOrPtr _v576;
				intOrPtr _v580;
				intOrPtr _v584;
				char _v724;
				intOrPtr _v792;
				intOrPtr _v800;
				char _v804;
				struct _EXCEPTION_POINTERS _v812;
				signed int _t40;
				char* _t47;
				char* _t49;
				intOrPtr _t61;
				intOrPtr _t62;
				intOrPtr _t66;
				intOrPtr _t67;
				int _t68;
				intOrPtr _t69;
				signed int _t70;

				_t69 = __esi;
				_t67 = __edi;
				_t66 = __edx;
				_t61 = __ebx;
				_t40 =  *0x901004; // 0x112d3ebc
				_t41 = _t40 ^ _t70;
				_v8 = _t40 ^ _t70;
				if(_a4 != 0xffffffff) {
					_push(_a4);
					E008E2DFC(_t41);
					_pop(_t62);
				}
				E008E3900(_t67,  &_v804, 0, 0x50);
				E008E3900(_t67,  &_v724, 0, 0x2cc);
				_v812.ExceptionRecord =  &_v804;
				_t47 =  &_v724;
				_v812.ContextRecord = _t47;
				_v548 = _t47;
				_v552 = _t62;
				_v556 = _t66;
				_v560 = _t61;
				_v564 = _t69;
				_v568 = _t67;
				_v524 = ss;
				_v536 = cs;
				_v572 = ds;
				_v576 = es;
				_v580 = fs;
				_v584 = gs;
				asm("pushfd");
				_pop( *_t22);
				_v540 = _v0;
				_t49 =  &_v0;
				_v528 = _t49;
				_v724 = 0x10001;
				_v544 =  *((intOrPtr*)(_t49 - 4));
				_v804 = _a8;
				_v800 = _a12;
				_v792 = _v0;
				_t68 = IsDebuggerPresent();
				SetUnhandledExceptionFilter(0);
				if(UnhandledExceptionFilter( &_v812) == 0 && _t68 == 0 && _a4 != 0xffffffff) {
					_push(_a4);
					E008E2DFC(_t57);
				}
				return E008E249D(_v8 ^ _t70);
			}




































                                                      0x008e5b6b
                                                      0x008e5b6b
                                                      0x008e5b6b
                                                      0x008e5b6b
                                                      0x008e5b76
                                                      0x008e5b7b
                                                      0x008e5b7d
                                                      0x008e5b85
                                                      0x008e5b87
                                                      0x008e5b8a
                                                      0x008e5b8f
                                                      0x008e5b8f
                                                      0x008e5b9b
                                                      0x008e5bae
                                                      0x008e5bbc
                                                      0x008e5bc2
                                                      0x008e5bc8
                                                      0x008e5bce
                                                      0x008e5bd4
                                                      0x008e5bda
                                                      0x008e5be0
                                                      0x008e5be6
                                                      0x008e5bec
                                                      0x008e5bf2
                                                      0x008e5bf9
                                                      0x008e5c00
                                                      0x008e5c07
                                                      0x008e5c0e
                                                      0x008e5c15
                                                      0x008e5c1c
                                                      0x008e5c1d
                                                      0x008e5c26
                                                      0x008e5c2c
                                                      0x008e5c2f
                                                      0x008e5c35
                                                      0x008e5c42
                                                      0x008e5c4b
                                                      0x008e5c54
                                                      0x008e5c5d
                                                      0x008e5c6b
                                                      0x008e5c6d
                                                      0x008e5c82
                                                      0x008e5c8e
                                                      0x008e5c91
                                                      0x008e5c96
                                                      0x008e5ca3

                                                      APIs
                                                      • IsDebuggerPresent.KERNEL32(?,?,?,?,?,?), ref: 008E5C63
                                                      • SetUnhandledExceptionFilter.KERNEL32(00000000,?,?,?,?,?,?), ref: 008E5C6D
                                                      • UnhandledExceptionFilter.KERNEL32(?,?,?,?,?,?,?), ref: 008E5C7A
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                      • String ID:
                                                      • API String ID: 3906539128-0
                                                      • Opcode ID: 99c80915e20ed62915eed4d689977de1e85525dec23f0fd5495adc6f5ba76de4
                                                      • Instruction ID: 87638a7952007ea295fbcdb766d5dc3912798b8fb501a16a0b99840194747ee7
                                                      • Opcode Fuzzy Hash: 99c80915e20ed62915eed4d689977de1e85525dec23f0fd5495adc6f5ba76de4
                                                      • Instruction Fuzzy Hash: 2F31B17490122C9BCB21DF29DD89B8DBBB8FF09310F5041EAE51CA6261EB709B858F45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E676D(int _a4) {
				void* _t14;

				if(E008E8F88(_t14) != 1 && ( *( *[fs:0x30] + 0x68) >> 0x00000008 & 0x00000001) == 0) {
					TerminateProcess(GetCurrentProcess(), _a4);
				}
				E008E67AF(_t14, _a4);
				ExitProcess(_a4);
			}




                                                      0x008e677a
                                                      0x008e6796
                                                      0x008e6796
                                                      0x008e679f
                                                      0x008e67a8

                                                      APIs
                                                      • GetCurrentProcess.KERNEL32(008E77E5,?,008E676C,?,?,008E77E5,?,008E77E5), ref: 008E678F
                                                      • TerminateProcess.KERNEL32(00000000,?,008E676C,?,?,008E77E5,?,008E77E5), ref: 008E6796
                                                      • ExitProcess.KERNEL32 ref: 008E67A8
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: Process$CurrentExitTerminate
                                                      • String ID:
                                                      • API String ID: 1703294689-0
                                                      • Opcode ID: b78448779faa39b68e623f939175c41848ac42fd5f56dbf50e72a8fd28f5cf0d
                                                      • Instruction ID: a02dd7b69e717f73a90a5a27b8a83d9e02713e1cc9968a5eb73222e4be5bf38d
                                                      • Opcode Fuzzy Hash: b78448779faa39b68e623f939175c41848ac42fd5f56dbf50e72a8fd28f5cf0d
                                                      • Instruction Fuzzy Hash: 52E0B631000688EBCF116B59DD89A5D3B6AFB91395B054524FA09DA133DB3AED51CB41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008EDE9D(long _a4, signed int* _a8, signed char _a12, signed int _a16, intOrPtr* _a20, unsigned int* _a24, intOrPtr _a28) {
				signed int _t172;
				signed int _t175;
				signed int _t178;
				signed int* _t179;
				signed char _t193;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				void* _t204;
				void* _t207;
				signed int _t210;
				void* _t211;
				signed int _t226;
				unsigned int* _t241;
				signed char _t243;
				signed int* _t251;
				unsigned int* _t257;
				signed int* _t258;
				signed char _t260;
				long _t263;
				signed int* _t266;

				 *(_a4 + 4) = 0;
				_t263 = 0xc000000d;
				 *(_a4 + 8) = 0;
				 *(_a4 + 0xc) = 0;
				_t243 = _a12;
				if((_t243 & 0x00000010) != 0) {
					_t263 = 0xc000008f;
					 *(_a4 + 4) =  *(_a4 + 4) | 1;
				}
				if((_t243 & 0x00000002) != 0) {
					_t263 = 0xc0000093;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000002;
				}
				if((_t243 & 0x00000001) != 0) {
					_t263 = 0xc0000091;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000004;
				}
				if((_t243 & 0x00000004) != 0) {
					_t263 = 0xc000008e;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000008;
				}
				if((_t243 & 0x00000008) != 0) {
					_t263 = 0xc0000090;
					 *(_a4 + 4) =  *(_a4 + 4) | 0x00000010;
				}
				_t266 = _a8;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 << 4) ^  *(_a4 + 8)) & 0x00000010;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 +  *_t266) ^  *(_a4 + 8)) & 0x00000008;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 1) ^  *(_a4 + 8)) & 0x00000004;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 3) ^  *(_a4 + 8)) & 0x00000002;
				 *(_a4 + 8) =  *(_a4 + 8) ^ ( !( *_t266 >> 5) ^  *(_a4 + 8)) & 1;
				_t260 = E008EC30B(_a4);
				if((_t260 & 0x00000001) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000010;
				}
				if((_t260 & 0x00000004) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000008;
				}
				if((_t260 & 0x00000008) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000004;
				}
				if((_t260 & 0x00000010) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 0x00000002;
				}
				if((_t260 & 0x00000020) != 0) {
					 *(_a4 + 0xc) =  *(_a4 + 0xc) | 1;
				}
				_t172 =  *_t266 & 0x00000c00;
				if(_t172 == 0) {
					 *_a4 =  *_a4 & 0xfffffffc;
				} else {
					if(_t172 == 0x400) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffd | 1;
						L26:
						 *_t258 = _t226;
						L29:
						_t175 =  *_t266 & 0x00000300;
						if(_t175 == 0) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffeb | 0x00000008;
							L35:
							 *_t251 = _t178;
							L36:
							_t179 = _a4;
							_t255 = (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *_t179 =  *_t179 ^ (_a16 << 0x00000005 ^  *_t179) & 0x0001ffe0;
							 *(_a4 + 0x20) =  *(_a4 + 0x20) | 1;
							if(_a28 == 0) {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe3 | 0x00000002;
								 *((long long*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t255 = _a4;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe3 | 0x00000002;
								 *(_a4 + 0x50) =  *_t241;
							} else {
								 *(_a4 + 0x20) =  *(_a4 + 0x20) & 0xffffffe1;
								 *((intOrPtr*)(_a4 + 0x10)) =  *_a20;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) | 1;
								_t241 = _a24;
								 *(_a4 + 0x60) =  *(_a4 + 0x60) & 0xffffffe1;
								 *(_a4 + 0x50) =  *_t241;
							}
							E008EC277(_t255);
							RaiseException(_t263, 0, 1,  &_a4);
							_t257 = _a4;
							_t193 = _t257[2];
							if((_t193 & 0x00000010) != 0) {
								 *_t266 =  *_t266 & 0xfffffffe;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000008) != 0) {
								 *_t266 =  *_t266 & 0xfffffffb;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000004) != 0) {
								 *_t266 =  *_t266 & 0xfffffff7;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000002) != 0) {
								 *_t266 =  *_t266 & 0xffffffef;
								_t193 = _t257[2];
							}
							if((_t193 & 0x00000001) != 0) {
								 *_t266 =  *_t266 & 0xffffffdf;
							}
							_t196 =  *_t257 & 0x00000003;
							if(_t196 == 0) {
								 *_t266 =  *_t266 & 0xfffff3ff;
							} else {
								_t207 = _t196 - 1;
								if(_t207 == 0) {
									_t210 =  *_t266 & 0xfffff7ff | 0x00000400;
									L55:
									 *_t266 = _t210;
									L58:
									_t200 =  *_t257 >> 0x00000002 & 0x00000007;
									if(_t200 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000300;
										L64:
										 *_t266 = _t203;
										L65:
										if(_a28 == 0) {
											 *_t241 = _t257[0x14];
										} else {
											 *_t241 = _t257[0x14];
										}
										return _t203;
									}
									_t204 = _t200 - 1;
									if(_t204 == 0) {
										_t203 =  *_t266 & 0xfffff3ff | 0x00000200;
										goto L64;
									}
									_t203 = _t204 - 1;
									if(_t203 == 0) {
										 *_t266 =  *_t266 & 0xfffff3ff;
									}
									goto L65;
								}
								_t211 = _t207 - 1;
								if(_t211 == 0) {
									_t210 =  *_t266 & 0xfffffbff | 0x00000800;
									goto L55;
								}
								if(_t211 == 1) {
									 *_t266 =  *_t266 | 0x00000c00;
								}
							}
							goto L58;
						}
						if(_t175 == 0x200) {
							_t251 = _a4;
							_t178 =  *_t251 & 0xffffffe7 | 0x00000004;
							goto L35;
						}
						if(_t175 == 0x300) {
							 *_a4 =  *_a4 & 0xffffffe3;
						}
						goto L36;
					}
					if(_t172 == 0x800) {
						_t258 = _a4;
						_t226 =  *_t258 & 0xfffffffe | 0x00000002;
						goto L26;
					}
					if(_t172 == 0xc00) {
						 *_a4 =  *_a4 | 0x00000003;
					}
				}
			}
























                                                      0x008edeab
                                                      0x008edeb2
                                                      0x008edeb7
                                                      0x008edebd
                                                      0x008edec0
                                                      0x008edec6
                                                      0x008edecb
                                                      0x008eded0
                                                      0x008eded0
                                                      0x008eded6
                                                      0x008ededb
                                                      0x008edee0
                                                      0x008edee0
                                                      0x008edee7
                                                      0x008edeec
                                                      0x008edef1
                                                      0x008edef1
                                                      0x008edef8
                                                      0x008edefd
                                                      0x008edf02
                                                      0x008edf02
                                                      0x008edf09
                                                      0x008edf0e
                                                      0x008edf13
                                                      0x008edf13
                                                      0x008edf1b
                                                      0x008edf2b
                                                      0x008edf3d
                                                      0x008edf4f
                                                      0x008edf62
                                                      0x008edf74
                                                      0x008edf7c
                                                      0x008edf81
                                                      0x008edf86
                                                      0x008edf86
                                                      0x008edf8d
                                                      0x008edf92
                                                      0x008edf92
                                                      0x008edf99
                                                      0x008edf9e
                                                      0x008edf9e
                                                      0x008edfa5
                                                      0x008edfaa
                                                      0x008edfaa
                                                      0x008edfb1
                                                      0x008edfb6
                                                      0x008edfb6
                                                      0x008edfc0
                                                      0x008edfc2
                                                      0x008edffc
                                                      0x008edfc4
                                                      0x008edfc9
                                                      0x008edfed
                                                      0x008edff5
                                                      0x008edfe9
                                                      0x008edfe9
                                                      0x008edfff
                                                      0x008ee006
                                                      0x008ee008
                                                      0x008ee02a
                                                      0x008ee032
                                                      0x008ee035
                                                      0x008ee035
                                                      0x008ee037
                                                      0x008ee037
                                                      0x008ee042
                                                      0x008ee048
                                                      0x008ee04d
                                                      0x008ee054
                                                      0x008ee08e
                                                      0x008ee099
                                                      0x008ee09f
                                                      0x008ee0a2
                                                      0x008ee0a5
                                                      0x008ee0b1
                                                      0x008ee0b9
                                                      0x008ee056
                                                      0x008ee059
                                                      0x008ee065
                                                      0x008ee06b
                                                      0x008ee071
                                                      0x008ee074
                                                      0x008ee07d
                                                      0x008ee07d
                                                      0x008ee0bc
                                                      0x008ee0ca
                                                      0x008ee0d0
                                                      0x008ee0d3
                                                      0x008ee0d8
                                                      0x008ee0da
                                                      0x008ee0dd
                                                      0x008ee0dd
                                                      0x008ee0e2
                                                      0x008ee0e4
                                                      0x008ee0e7
                                                      0x008ee0e7
                                                      0x008ee0ec
                                                      0x008ee0ee
                                                      0x008ee0f1
                                                      0x008ee0f1
                                                      0x008ee0f6
                                                      0x008ee0f8
                                                      0x008ee0fb
                                                      0x008ee0fb
                                                      0x008ee100
                                                      0x008ee102
                                                      0x008ee102
                                                      0x008ee10f
                                                      0x008ee112
                                                      0x008ee149
                                                      0x008ee114
                                                      0x008ee114
                                                      0x008ee117
                                                      0x008ee142
                                                      0x008ee137
                                                      0x008ee137
                                                      0x008ee14b
                                                      0x008ee153
                                                      0x008ee156
                                                      0x008ee175
                                                      0x008ee17a
                                                      0x008ee17a
                                                      0x008ee17c
                                                      0x008ee181
                                                      0x008ee18d
                                                      0x008ee183
                                                      0x008ee186
                                                      0x008ee186
                                                      0x008ee192
                                                      0x008ee192
                                                      0x008ee158
                                                      0x008ee15b
                                                      0x008ee16a
                                                      0x00000000
                                                      0x008ee16a
                                                      0x008ee15d
                                                      0x008ee160
                                                      0x008ee162
                                                      0x008ee162
                                                      0x00000000
                                                      0x008ee160
                                                      0x008ee119
                                                      0x008ee11c
                                                      0x008ee132
                                                      0x00000000
                                                      0x008ee132
                                                      0x008ee121
                                                      0x008ee123
                                                      0x008ee123
                                                      0x008ee121
                                                      0x00000000
                                                      0x008ee112
                                                      0x008ee00f
                                                      0x008ee01d
                                                      0x008ee025
                                                      0x00000000
                                                      0x008ee025
                                                      0x008ee013
                                                      0x008ee018
                                                      0x008ee018
                                                      0x00000000
                                                      0x008ee013
                                                      0x008edfd0
                                                      0x008edfde
                                                      0x008edfe6
                                                      0x00000000
                                                      0x008edfe6
                                                      0x008edfd4
                                                      0x008edfd9
                                                      0x008edfd9
                                                      0x008edfd4

                                                      APIs
                                                      • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008EDE98,?,?,00000008,?,?,008EDB30,00000000), ref: 008EE0CA
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ExceptionRaise
                                                      • String ID:
                                                      • API String ID: 3997070919-0
                                                      • Opcode ID: ef701188658064a7732e2f203b4ed015f518fee990051b55721fece5a3943fd0
                                                      • Instruction ID: d872dc808b1c9b2571187c38e562f892b3695fe27bdd8f21407178a798412924
                                                      • Opcode Fuzzy Hash: ef701188658064a7732e2f203b4ed015f518fee990051b55721fece5a3943fd0
                                                      • Instruction Fuzzy Hash: 38B17D31610649DFDB14CF2DC486B657BE0FF46365F298658E89ACF2A1C735E982CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 88%
                                                      			E008E2EB8(signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _t60;
				signed int _t61;
				signed int _t62;
				signed int _t63;
				signed int _t66;
				signed int _t67;
				signed int _t73;
				intOrPtr _t74;
				intOrPtr _t75;
				intOrPtr* _t77;
				signed int _t78;
				intOrPtr* _t82;
				signed int _t85;
				signed int _t90;
				intOrPtr* _t93;
				signed int _t96;
				signed int _t99;
				signed int _t104;

				_t90 = __edx;
				 *0x901cb4 =  *0x901cb4 & 0x00000000;
				 *0x901010 =  *0x901010 | 0x00000001;
				if(IsProcessorFeaturePresent(0xa) == 0) {
					L23:
					return 0;
				}
				_v20 = _v20 & 0x00000000;
				_push(_t74);
				_t93 =  &_v40;
				asm("cpuid");
				_t75 = _t74;
				 *_t93 = 0;
				 *((intOrPtr*)(_t93 + 4)) = _t74;
				 *((intOrPtr*)(_t93 + 8)) = 0;
				 *(_t93 + 0xc) = _t90;
				_v16 = _v40;
				_v12 = _v28 ^ 0x49656e69;
				_v8 = _v36 ^ 0x756e6547;
				_push(_t75);
				asm("cpuid");
				_t77 =  &_v40;
				 *_t77 = 1;
				 *((intOrPtr*)(_t77 + 4)) = _t75;
				 *((intOrPtr*)(_t77 + 8)) = 0;
				 *(_t77 + 0xc) = _t90;
				if((_v8 | _v32 ^ 0x6c65746e | _v12) != 0) {
					L9:
					_t96 =  *0x901cb8; // 0x2
					L10:
					_t85 = _v32;
					_t60 = 7;
					_v8 = _t85;
					if(_v16 < _t60) {
						_t78 = _v20;
					} else {
						_push(_t77);
						asm("cpuid");
						_t82 =  &_v40;
						 *_t82 = _t60;
						 *((intOrPtr*)(_t82 + 4)) = _t77;
						 *((intOrPtr*)(_t82 + 8)) = 0;
						_t85 = _v8;
						 *(_t82 + 0xc) = _t90;
						_t78 = _v36;
						if((_t78 & 0x00000200) != 0) {
							 *0x901cb8 = _t96 | 0x00000002;
						}
					}
					_t61 =  *0x901010; // 0x6f
					_t62 = _t61 | 0x00000002;
					 *0x901cb4 = 1;
					 *0x901010 = _t62;
					if((_t85 & 0x00100000) != 0) {
						_t63 = _t62 | 0x00000004;
						 *0x901cb4 = 2;
						 *0x901010 = _t63;
						if((_t85 & 0x08000000) != 0 && (_t85 & 0x10000000) != 0) {
							asm("xgetbv");
							_v24 = _t63;
							_v20 = _t90;
							_t104 = 6;
							if((_v24 & _t104) == _t104) {
								_t66 =  *0x901010; // 0x6f
								_t67 = _t66 | 0x00000008;
								 *0x901cb4 = 3;
								 *0x901010 = _t67;
								if((_t78 & 0x00000020) != 0) {
									 *0x901cb4 = 5;
									 *0x901010 = _t67 | 0x00000020;
									if((_t78 & 0xd0030000) == 0xd0030000 && (_v24 & 0x000000e0) == 0xe0) {
										 *0x901010 =  *0x901010 | 0x00000040;
										 *0x901cb4 = _t104;
									}
								}
							}
						}
					}
					goto L23;
				}
				_t73 = _v40 & 0x0fff3ff0;
				if(_t73 == 0x106c0 || _t73 == 0x20660 || _t73 == 0x20670 || _t73 == 0x30650 || _t73 == 0x30660 || _t73 == 0x30670) {
					_t99 =  *0x901cb8; // 0x2
					_t96 = _t99 | 0x00000001;
					 *0x901cb8 = _t96;
					goto L10;
				} else {
					goto L9;
				}
			}






























                                                      0x008e2eb8
                                                      0x008e2ebb
                                                      0x008e2ec5
                                                      0x008e2ed5
                                                      0x008e3084
                                                      0x008e3087
                                                      0x008e3087
                                                      0x008e2edb
                                                      0x008e2ee1
                                                      0x008e2ee6
                                                      0x008e2eea
                                                      0x008e2eee
                                                      0x008e2eef
                                                      0x008e2ef1
                                                      0x008e2ef4
                                                      0x008e2ef9
                                                      0x008e2f02
                                                      0x008e2f13
                                                      0x008e2f1e
                                                      0x008e2f24
                                                      0x008e2f25
                                                      0x008e2f2a
                                                      0x008e2f2d
                                                      0x008e2f32
                                                      0x008e2f3a
                                                      0x008e2f3d
                                                      0x008e2f40
                                                      0x008e2f85
                                                      0x008e2f85
                                                      0x008e2f8b
                                                      0x008e2f8b
                                                      0x008e2f90
                                                      0x008e2f91
                                                      0x008e2f97
                                                      0x008e2fc8
                                                      0x008e2f99
                                                      0x008e2f9b
                                                      0x008e2f9c
                                                      0x008e2fa1
                                                      0x008e2fa4
                                                      0x008e2fa6
                                                      0x008e2fa9
                                                      0x008e2fac
                                                      0x008e2faf
                                                      0x008e2fb2
                                                      0x008e2fbb
                                                      0x008e2fc0
                                                      0x008e2fc0
                                                      0x008e2fbb
                                                      0x008e2fcb
                                                      0x008e2fd0
                                                      0x008e2fd3
                                                      0x008e2fdd
                                                      0x008e2fe8
                                                      0x008e2fee
                                                      0x008e2ff1
                                                      0x008e2ffb
                                                      0x008e3006
                                                      0x008e3012
                                                      0x008e3015
                                                      0x008e3018
                                                      0x008e3023
                                                      0x008e3028
                                                      0x008e302a
                                                      0x008e302f
                                                      0x008e3032
                                                      0x008e303c
                                                      0x008e3044
                                                      0x008e3049
                                                      0x008e3053
                                                      0x008e3061
                                                      0x008e3074
                                                      0x008e307b
                                                      0x008e307b
                                                      0x008e3061
                                                      0x008e3044
                                                      0x008e3028
                                                      0x008e3006
                                                      0x00000000
                                                      0x008e3083
                                                      0x008e2f45
                                                      0x008e2f4f
                                                      0x008e2f74
                                                      0x008e2f7a
                                                      0x008e2f7d
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000

                                                      APIs
                                                      • IsProcessorFeaturePresent.KERNEL32(0000000A), ref: 008E2ECE
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: FeaturePresentProcessor
                                                      • String ID:
                                                      • API String ID: 2325560087-0
                                                      • Opcode ID: 772d4de99acf8b312af19723acab16a0b56380b0469a5dcd6e47798e3bcb7467
                                                      • Instruction ID: 5b4586f53d2f5bdfaad97a8297897288ca148c784d39f5f0cc9ccd5dfaa1306d
                                                      • Opcode Fuzzy Hash: 772d4de99acf8b312af19723acab16a0b56380b0469a5dcd6e47798e3bcb7467
                                                      • Instruction Fuzzy Hash: 9951D0B1D286958FEB28CF59D8C57AAB7F4FB09310F24852AD841EB250D774DE80DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 78%
                                                      			E008E7EFF(void* __ebx, void* __ecx, void* __edi, void* __esi, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				union _FINDEX_INFO_LEVELS _v28;
				intOrPtr* _v32;
				intOrPtr _v36;
				signed int _v48;
				struct _WIN32_FIND_DATAW _v604;
				char _v605;
				intOrPtr* _v612;
				union _FINDEX_INFO_LEVELS _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				signed int _v628;
				union _FINDEX_INFO_LEVELS _v632;
				union _FINDEX_INFO_LEVELS _v636;
				signed int _v640;
				signed int _v644;
				union _FINDEX_INFO_LEVELS _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				signed int _v664;
				union _FINDEX_INFO_LEVELS _v668;
				union _FINDEX_INFO_LEVELS _v672;
				intOrPtr _t68;
				signed int _t73;
				signed int _t75;
				char _t77;
				signed char _t78;
				signed int _t84;
				signed int _t94;
				signed int _t97;
				union _FINDEX_INFO_LEVELS _t98;
				intOrPtr* _t106;
				signed int _t109;
				intOrPtr _t117;
				signed int _t119;
				signed int _t122;
				signed int _t124;
				void* _t127;
				union _FINDEX_INFO_LEVELS _t128;
				intOrPtr* _t131;
				intOrPtr* _t134;
				signed int _t136;
				intOrPtr* _t139;
				signed int _t144;
				signed int _t150;
				void* _t156;
				void* _t157;
				signed int _t160;
				intOrPtr _t162;
				void* _t167;
				void* _t168;
				signed int _t170;
				signed int _t173;
				void* _t174;
				signed int _t175;
				void* _t176;
				void* _t177;

				_push(__ecx);
				_t134 = _a4;
				_t2 = _t134 + 1; // 0x1
				_t156 = _t2;
				do {
					_t68 =  *_t134;
					_t134 = _t134 + 1;
				} while (_t68 != 0);
				_push(__edi);
				_t160 = _a12;
				_t136 = _t134 - _t156 + 1;
				_v8 = _t136;
				if(_t136 <=  !_t160) {
					_push(__ebx);
					_push(__esi);
					_t5 = _t160 + 1; // 0x1
					_t127 = _t5 + _t136;
					_t167 = E008E7AC3(_t136, _t127, 1);
					__eflags = _t160;
					if(_t160 == 0) {
						L7:
						_push(_v8);
						_t127 = _t127 - _t160;
						_t73 = E008EB2D7(_t167 + _t160, _t127, _a4);
						_t175 = _t174 + 0x10;
						__eflags = _t73;
						if(_t73 != 0) {
							goto L12;
						} else {
							_t131 = _a16;
							_t119 = E008E82FA(_t131);
							_v8 = _t119;
							__eflags = _t119;
							if(_t119 == 0) {
								 *( *(_t131 + 4)) = _t167;
								_t170 = 0;
								_t14 = _t131 + 4;
								 *_t14 =  *(_t131 + 4) + 4;
								__eflags =  *_t14;
							} else {
								E008E7B20(_t167);
								_t170 = _v8;
							}
							E008E7B20(0);
							_t122 = _t170;
							goto L4;
						}
					} else {
						_push(_t160);
						_t124 = E008EB2D7(_t167, _t127, _a8);
						_t175 = _t174 + 0x10;
						__eflags = _t124;
						if(_t124 != 0) {
							L12:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							E008E5D44();
							asm("int3");
							_t173 = _t175;
							_t176 = _t175 - 0x298;
							_t75 =  *0x901004; // 0x112d3ebc
							_v48 = _t75 ^ _t173;
							_t139 = _v32;
							_t157 = _v28;
							_push(_t127);
							_push(0);
							_t162 = _v36;
							_v648 = _t157;
							__eflags = _t139 - _t162;
							if(_t139 != _t162) {
								while(1) {
									_t117 =  *_t139;
									__eflags = _t117 - 0x2f;
									if(_t117 == 0x2f) {
										break;
									}
									__eflags = _t117 - 0x5c;
									if(_t117 != 0x5c) {
										__eflags = _t117 - 0x3a;
										if(_t117 != 0x3a) {
											_t139 = E008EB330(_t162, _t139);
											__eflags = _t139 - _t162;
											if(_t139 != _t162) {
												continue;
											}
										}
									}
									break;
								}
								_t157 = _v612;
							}
							_t77 =  *_t139;
							_v605 = _t77;
							__eflags = _t77 - 0x3a;
							if(_t77 != 0x3a) {
								L23:
								_t128 = 0;
								__eflags = _t77 - 0x2f;
								if(__eflags == 0) {
									L26:
									_t78 = 1;
								} else {
									__eflags = _t77 - 0x5c;
									if(__eflags == 0) {
										goto L26;
									} else {
										__eflags = _t77 - 0x3a;
										_t78 = 0;
										if(__eflags == 0) {
											goto L26;
										}
									}
								}
								_v672 = _t128;
								_v668 = _t128;
								_push(_t167);
								asm("sbb eax, eax");
								_v664 = _t128;
								_v660 = _t128;
								_v640 =  ~(_t78 & 0x000000ff) & _t139 - _t162 + 0x00000001;
								_v656 = _t128;
								_v652 = _t128;
								_t84 = E008E7CF3(_t139 - _t162 + 1, _t162,  &_v672, E008E8207(_t157, __eflags));
								_t177 = _t176 + 0xc;
								asm("sbb eax, eax");
								_t168 = FindFirstFileExW( !( ~_t84) & _v664, _t128,  &_v604, _t128, _t128, _t128);
								__eflags = _t168 - 0xffffffff;
								if(_t168 != 0xffffffff) {
									_t144 =  *((intOrPtr*)(_v612 + 4)) -  *_v612;
									__eflags = _t144;
									_t145 = _t144 >> 2;
									_v644 = _t144 >> 2;
									do {
										_v636 = _t128;
										_v632 = _t128;
										_v628 = _t128;
										_v624 = _t128;
										_v620 = _t128;
										_v616 = _t128;
										_t94 = E008E7C24( &(_v604.cFileName),  &_v636,  &_v605, E008E8207(_t157, __eflags));
										_t177 = _t177 + 0x10;
										asm("sbb eax, eax");
										_t97 =  !( ~_t94) & _v628;
										__eflags =  *_t97 - 0x2e;
										if( *_t97 != 0x2e) {
											L34:
											_push(_v612);
											_t98 = E008E7EFF(_t128, _t145, _t162, _t168, _t97, _t162, _v640);
											_t177 = _t177 + 0x10;
											_v648 = _t98;
											__eflags = _t98;
											if(_t98 != 0) {
												__eflags = _v616 - _t128;
												if(_v616 != _t128) {
													E008E7B20(_v628);
													_t98 = _v648;
												}
												_t128 = _t98;
											} else {
												goto L35;
											}
										} else {
											_t145 =  *((intOrPtr*)(_t97 + 1));
											__eflags = _t145;
											if(_t145 == 0) {
												goto L35;
											} else {
												__eflags = _t145 - 0x2e;
												if(_t145 != 0x2e) {
													goto L34;
												} else {
													__eflags =  *((intOrPtr*)(_t97 + 2)) - _t128;
													if( *((intOrPtr*)(_t97 + 2)) == _t128) {
														goto L35;
													} else {
														goto L34;
													}
												}
											}
										}
										L43:
										FindClose(_t168);
										goto L44;
										L35:
										__eflags = _v616 - _t128;
										if(_v616 != _t128) {
											E008E7B20(_v628);
											_pop(_t145);
										}
										__eflags = FindNextFileW(_t168,  &_v604);
									} while (__eflags != 0);
									_t106 = _v612;
									_t150 = _v644;
									_t158 =  *_t106;
									_t109 =  *((intOrPtr*)(_t106 + 4)) -  *_t106 >> 2;
									__eflags = _t150 - _t109;
									if(_t150 != _t109) {
										E008EADE0(_t128, _t162, _t168, _t158 + _t150 * 4, _t109 - _t150, 4, E008E7B5A);
									}
									goto L43;
								} else {
									_push(_v612);
									_t128 = E008E7EFF(_t128,  &_v604, _t162, _t168, _t162, _t128, _t128);
								}
								L44:
								__eflags = _v652;
								if(_v652 != 0) {
									E008E7B20(_v664);
								}
							} else {
								__eflags = _t139 - _t162 + 1;
								if(_t139 == _t162 + 1) {
									_t77 = _v605;
									goto L23;
								} else {
									_push(_t157);
									E008E7EFF(0, _t139, _t162, _t167, _t162, 0, 0);
								}
							}
							__eflags = _v12 ^ _t173;
							return E008E249D(_v12 ^ _t173);
						} else {
							goto L7;
						}
					}
				} else {
					_t122 = 0xc;
					L4:
					return _t122;
				}
			}






























































                                                      0x008e7f04
                                                      0x008e7f05
                                                      0x008e7f08
                                                      0x008e7f08
                                                      0x008e7f0b
                                                      0x008e7f0b
                                                      0x008e7f0d
                                                      0x008e7f0e
                                                      0x008e7f12
                                                      0x008e7f13
                                                      0x008e7f1a
                                                      0x008e7f1d
                                                      0x008e7f22
                                                      0x008e7f2a
                                                      0x008e7f2b
                                                      0x008e7f2c
                                                      0x008e7f2f
                                                      0x008e7f39
                                                      0x008e7f3d
                                                      0x008e7f3f
                                                      0x008e7f53
                                                      0x008e7f53
                                                      0x008e7f56
                                                      0x008e7f60
                                                      0x008e7f65
                                                      0x008e7f68
                                                      0x008e7f6a
                                                      0x00000000
                                                      0x008e7f6c
                                                      0x008e7f6c
                                                      0x008e7f71
                                                      0x008e7f78
                                                      0x008e7f7b
                                                      0x008e7f7d
                                                      0x008e7f8e
                                                      0x008e7f90
                                                      0x008e7f92
                                                      0x008e7f92
                                                      0x008e7f92
                                                      0x008e7f7f
                                                      0x008e7f80
                                                      0x008e7f85
                                                      0x008e7f88
                                                      0x008e7f97
                                                      0x008e7f9d
                                                      0x00000000
                                                      0x008e7fa0
                                                      0x008e7f41
                                                      0x008e7f41
                                                      0x008e7f47
                                                      0x008e7f4c
                                                      0x008e7f4f
                                                      0x008e7f51
                                                      0x008e7fa3
                                                      0x008e7fa5
                                                      0x008e7fa6
                                                      0x008e7fa7
                                                      0x008e7fa8
                                                      0x008e7fa9
                                                      0x008e7faa
                                                      0x008e7faf
                                                      0x008e7fb3
                                                      0x008e7fb5
                                                      0x008e7fbb
                                                      0x008e7fc2
                                                      0x008e7fc5
                                                      0x008e7fc8
                                                      0x008e7fcb
                                                      0x008e7fcc
                                                      0x008e7fcd
                                                      0x008e7fd0
                                                      0x008e7fd6
                                                      0x008e7fd8
                                                      0x008e7fda
                                                      0x008e7fda
                                                      0x008e7fdc
                                                      0x008e7fde
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7fe0
                                                      0x008e7fe2
                                                      0x008e7fe4
                                                      0x008e7fe6
                                                      0x008e7ff1
                                                      0x008e7ff3
                                                      0x008e7ff5
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7ff5
                                                      0x008e7fe6
                                                      0x00000000
                                                      0x008e7fe2
                                                      0x008e7ff7
                                                      0x008e7ff7
                                                      0x008e7ffd
                                                      0x008e7fff
                                                      0x008e8005
                                                      0x008e8007
                                                      0x008e8029
                                                      0x008e8029
                                                      0x008e802b
                                                      0x008e802d
                                                      0x008e8039
                                                      0x008e8039
                                                      0x008e802f
                                                      0x008e802f
                                                      0x008e8031
                                                      0x00000000
                                                      0x008e8033
                                                      0x008e8033
                                                      0x008e8035
                                                      0x008e8037
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8037
                                                      0x008e8031
                                                      0x008e8041
                                                      0x008e8049
                                                      0x008e804f
                                                      0x008e8050
                                                      0x008e8052
                                                      0x008e805a
                                                      0x008e8060
                                                      0x008e8066
                                                      0x008e806c
                                                      0x008e8080
                                                      0x008e8085
                                                      0x008e8090
                                                      0x008e80a6
                                                      0x008e80a8
                                                      0x008e80ab
                                                      0x008e80ce
                                                      0x008e80ce
                                                      0x008e80d0
                                                      0x008e80d3
                                                      0x008e80d9
                                                      0x008e80d9
                                                      0x008e80df
                                                      0x008e80e5
                                                      0x008e80eb
                                                      0x008e80f1
                                                      0x008e80f7
                                                      0x008e8118
                                                      0x008e811d
                                                      0x008e8122
                                                      0x008e8126
                                                      0x008e812c
                                                      0x008e812f
                                                      0x008e8142
                                                      0x008e8142
                                                      0x008e8150
                                                      0x008e8155
                                                      0x008e8158
                                                      0x008e815e
                                                      0x008e8160
                                                      0x008e81be
                                                      0x008e81c4
                                                      0x008e81cc
                                                      0x008e81d1
                                                      0x008e81d7
                                                      0x008e81d8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8131
                                                      0x008e8131
                                                      0x008e8134
                                                      0x008e8136
                                                      0x00000000
                                                      0x008e8138
                                                      0x008e8138
                                                      0x008e813b
                                                      0x00000000
                                                      0x008e813d
                                                      0x008e813d
                                                      0x008e8140
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8140
                                                      0x008e813b
                                                      0x008e8136
                                                      0x008e81da
                                                      0x008e81db
                                                      0x00000000
                                                      0x008e8162
                                                      0x008e8162
                                                      0x008e8168
                                                      0x008e8170
                                                      0x008e8175
                                                      0x008e8175
                                                      0x008e8184
                                                      0x008e8184
                                                      0x008e818c
                                                      0x008e8192
                                                      0x008e8198
                                                      0x008e819f
                                                      0x008e81a2
                                                      0x008e81a4
                                                      0x008e81b4
                                                      0x008e81b9
                                                      0x00000000
                                                      0x008e80ad
                                                      0x008e80ad
                                                      0x008e80be
                                                      0x008e80be
                                                      0x008e81e1
                                                      0x008e81e1
                                                      0x008e81e9
                                                      0x008e81f1
                                                      0x008e81f6
                                                      0x008e8009
                                                      0x008e800c
                                                      0x008e800e
                                                      0x008e8023
                                                      0x00000000
                                                      0x008e8010
                                                      0x008e8010
                                                      0x008e8016
                                                      0x008e801b
                                                      0x008e800e
                                                      0x008e81fd
                                                      0x008e8206
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7f51
                                                      0x008e7f24
                                                      0x008e7f26
                                                      0x008e7f27
                                                      0x008e7f29
                                                      0x008e7f29

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e758062182d270d56915aaec6d73201d1d27bce42e23af0b09024679f895194b
                                                      • Instruction ID: c6a1e5e5ea5ed49193bab77d3e0de111e8f97567238140598d46e068ac8d0289
                                                      • Opcode Fuzzy Hash: e758062182d270d56915aaec6d73201d1d27bce42e23af0b09024679f895194b
                                                      • Instruction Fuzzy Hash: C541C671808658AEDF24DF6ACC89AAEBBB9FF46300F1442D9E41DD3211DA359E848F10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008EA01F() {
				signed int _t3;

				_t3 = GetProcessHeap();
				 *0x902338 = _t3;
				return _t3 & 0xffffff00 | _t3 != 0x00000000;
			}




                                                      0x008ea01f
                                                      0x008ea027
                                                      0x008ea02f

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: HeapProcess
                                                      • String ID:
                                                      • API String ID: 54951025-0
                                                      • Opcode ID: 917540bf31145d319c24e277d7206defaef077dfa427feb6351e47b3ff02b8a8
                                                      • Instruction ID: 0c90ebed608d89dda66743d35cfdc67744853c0ebfba30a25b41edb6c868560d
                                                      • Opcode Fuzzy Hash: 917540bf31145d319c24e277d7206defaef077dfa427feb6351e47b3ff02b8a8
                                                      • Instruction Fuzzy Hash: BCA00170615246CF97518F35AAC92093AA9BA56AA17258069A509C9161EA288990AB01
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E8F88(void* __ecx) {
				char _v8;
				intOrPtr _t7;
				char _t13;

				_t13 = 0;
				_v8 = 0;
				_t7 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
				_t16 =  *((intOrPtr*)(_t7 + 8));
				if( *((intOrPtr*)(_t7 + 8)) < 0) {
					L2:
					_t13 = 1;
				} else {
					E008E9D1A(_t16,  &_v8);
					if(_v8 != 1) {
						goto L2;
					}
				}
				return _t13;
			}






                                                      0x008e8f95
                                                      0x008e8f97
                                                      0x008e8f9a
                                                      0x008e8f9d
                                                      0x008e8fa0
                                                      0x008e8fb1
                                                      0x008e8fb3
                                                      0x008e8fa2
                                                      0x008e8fa6
                                                      0x008e8faf
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8faf
                                                      0x008e8fb8

                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5db2a8a11326a5ff8aa743765a2555ccbe2a9bef87746982145a959b1fa95989
                                                      • Instruction ID: 28436a92a92f31f08c1455c4a3f86e391374d1037cd84221433bc3aeb081d018
                                                      • Opcode Fuzzy Hash: 5db2a8a11326a5ff8aa743765a2555ccbe2a9bef87746982145a959b1fa95989
                                                      • Instruction Fuzzy Hash: 92E04632A11268EBCB15DB8E8A0498AF2ACFB46B00B210096F505D3200CAB0DE00C7D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E9865(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _t25;
				intOrPtr* _t26;
				intOrPtr _t28;
				intOrPtr* _t29;
				intOrPtr* _t31;
				intOrPtr* _t45;
				intOrPtr* _t46;
				intOrPtr* _t47;
				intOrPtr* _t55;
				intOrPtr* _t70;
				intOrPtr _t74;

				_t74 = _a4;
				_t25 =  *((intOrPtr*)(_t74 + 0x88));
				if(_t25 != 0 && _t25 != 0x901648) {
					_t45 =  *((intOrPtr*)(_t74 + 0x7c));
					if(_t45 != 0 &&  *_t45 == 0) {
						_t46 =  *((intOrPtr*)(_t74 + 0x84));
						if(_t46 != 0 &&  *_t46 == 0) {
							E008E7B20(_t46);
							E008E943E( *((intOrPtr*)(_t74 + 0x88)));
						}
						_t47 =  *((intOrPtr*)(_t74 + 0x80));
						if(_t47 != 0 &&  *_t47 == 0) {
							E008E7B20(_t47);
							E008E953C( *((intOrPtr*)(_t74 + 0x88)));
						}
						E008E7B20( *((intOrPtr*)(_t74 + 0x7c)));
						E008E7B20( *((intOrPtr*)(_t74 + 0x88)));
					}
				}
				_t26 =  *((intOrPtr*)(_t74 + 0x8c));
				if(_t26 != 0 &&  *_t26 == 0) {
					E008E7B20( *((intOrPtr*)(_t74 + 0x90)) - 0xfe);
					E008E7B20( *((intOrPtr*)(_t74 + 0x94)) - 0x80);
					E008E7B20( *((intOrPtr*)(_t74 + 0x98)) - 0x80);
					E008E7B20( *((intOrPtr*)(_t74 + 0x8c)));
				}
				E008E99D6( *((intOrPtr*)(_t74 + 0x9c)));
				_t28 = 6;
				_t55 = _t74 + 0xa0;
				_v8 = _t28;
				_t70 = _t74 + 0x28;
				do {
					if( *((intOrPtr*)(_t70 - 8)) != 0x901120) {
						_t31 =  *_t70;
						if(_t31 != 0 &&  *_t31 == 0) {
							E008E7B20(_t31);
							E008E7B20( *_t55);
						}
						_t28 = _v8;
					}
					if( *((intOrPtr*)(_t70 - 0xc)) != 0) {
						_t29 =  *((intOrPtr*)(_t70 - 4));
						if(_t29 != 0 &&  *_t29 == 0) {
							E008E7B20(_t29);
						}
						_t28 = _v8;
					}
					_t55 = _t55 + 4;
					_t70 = _t70 + 0x10;
					_t28 = _t28 - 1;
					_v8 = _t28;
				} while (_t28 != 0);
				return E008E7B20(_t74);
			}















                                                      0x008e986d
                                                      0x008e9871
                                                      0x008e9879
                                                      0x008e9882
                                                      0x008e9887
                                                      0x008e988e
                                                      0x008e9896
                                                      0x008e989e
                                                      0x008e98a9
                                                      0x008e98af
                                                      0x008e98b0
                                                      0x008e98b8
                                                      0x008e98c0
                                                      0x008e98cb
                                                      0x008e98d1
                                                      0x008e98d5
                                                      0x008e98e0
                                                      0x008e98e6
                                                      0x008e9887
                                                      0x008e98e7
                                                      0x008e98ef
                                                      0x008e9902
                                                      0x008e9915
                                                      0x008e9923
                                                      0x008e992e
                                                      0x008e9933
                                                      0x008e993c
                                                      0x008e9944
                                                      0x008e9945
                                                      0x008e994b
                                                      0x008e994e
                                                      0x008e9951
                                                      0x008e9958
                                                      0x008e995a
                                                      0x008e995e
                                                      0x008e9966
                                                      0x008e996d
                                                      0x008e9973
                                                      0x008e9974
                                                      0x008e9974
                                                      0x008e997b
                                                      0x008e997d
                                                      0x008e9982
                                                      0x008e998a
                                                      0x008e998f
                                                      0x008e9990
                                                      0x008e9990
                                                      0x008e9993
                                                      0x008e9996
                                                      0x008e9999
                                                      0x008e999c
                                                      0x008e999c
                                                      0x008e99ac

                                                      APIs
                                                      • ___free_lconv_mon.LIBCMT ref: 008E98A9
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E945B
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E946D
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E947F
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E9491
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94A3
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94B5
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94C7
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94D9
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94EB
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E94FD
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E950F
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E9521
                                                        • Part of subcall function 008E943E: _free.LIBCMT ref: 008E9533
                                                      • _free.LIBCMT ref: 008E989E
                                                        • Part of subcall function 008E7B20: HeapFree.KERNEL32(00000000,00000000,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?), ref: 008E7B36
                                                        • Part of subcall function 008E7B20: GetLastError.KERNEL32(?,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?,?), ref: 008E7B48
                                                      • _free.LIBCMT ref: 008E98C0
                                                      • _free.LIBCMT ref: 008E98D5
                                                      • _free.LIBCMT ref: 008E98E0
                                                      • _free.LIBCMT ref: 008E9902
                                                      • _free.LIBCMT ref: 008E9915
                                                      • _free.LIBCMT ref: 008E9923
                                                      • _free.LIBCMT ref: 008E992E
                                                      • _free.LIBCMT ref: 008E9966
                                                      • _free.LIBCMT ref: 008E996D
                                                      • _free.LIBCMT ref: 008E998A
                                                      • _free.LIBCMT ref: 008E99A2
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                      • String ID:
                                                      • API String ID: 161543041-0
                                                      • Opcode ID: db94749f2a045f31a527ccf04d32e5bd72fa29aa059e8f05b74607d4e23f5e72
                                                      • Instruction ID: 749ce61ca0fa1f9b22d76ad6bfd68c6e87391c13ccbb24f86182cc67b285532e
                                                      • Opcode Fuzzy Hash: db94749f2a045f31a527ccf04d32e5bd72fa29aa059e8f05b74607d4e23f5e72
                                                      • Instruction Fuzzy Hash: 25316D31A043809FEB35AA3EE845B5A77E9FF42320F544429E499D71A2DFB0EC80CB15
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 63%
                                                      			E008E3DBB(signed int __ecx, signed int __edx, signed char* _a4, signed int _a8, signed int _a12, char _a16, signed int* _a20, char _a24, signed int _a28, signed int _a32) {
				signed char* _v0;
				char _v5;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				intOrPtr _v24;
				char _v28;
				char _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr* _v48;
				signed int _v52;
				signed int* _v56;
				intOrPtr _v60;
				void _v64;
				signed int _v68;
				void* _v72;
				char _v88;
				intOrPtr _v92;
				signed int _v96;
				intOrPtr _v104;
				void _v108;
				intOrPtr* _v116;
				signed char* _v188;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t203;
				void* _t204;
				signed int _t205;
				char _t206;
				signed int _t208;
				signed int _t210;
				signed char* _t211;
				signed int _t212;
				signed int _t213;
				signed int _t217;
				void* _t220;
				signed char* _t223;
				void* _t225;
				void* _t226;
				signed char _t230;
				signed int _t231;
				void* _t233;
				signed int _t234;
				void* _t237;
				void* _t240;
				signed char _t247;
				intOrPtr* _t252;
				void* _t255;
				signed int* _t257;
				signed int _t258;
				intOrPtr _t259;
				signed int _t260;
				void* _t265;
				void* _t270;
				void* _t271;
				signed char* _t274;
				intOrPtr* _t275;
				signed char _t276;
				signed int _t277;
				signed int _t278;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				intOrPtr _t298;
				signed int _t300;
				signed int _t302;
				signed char* _t303;
				signed int _t304;
				signed int _t305;
				signed int* _t307;
				signed char* _t310;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t332;
				void* _t334;
				void* _t336;
				void* _t337;
				void* _t338;
				void* _t339;

				_t302 = __edx;
				_t279 = __ecx;
				_push(_t321);
				_t307 = _a20;
				_v32 = 0;
				_v5 = 0;
				_t203 = E008E4D54(_a8, _a16, _t307);
				_t337 = _t336 + 0xc;
				_v16 = _t203;
				if(_t203 < 0xffffffff || _t203 >= _t307[1]) {
					L69:
					_t204 = E008E6F69(_t274, _t279, _t302, _t307, _t321);
					asm("int3");
					_t334 = _t337;
					_t338 = _t337 - 0x38;
					_push(_t274);
					_t275 = _v116;
					__eflags =  *_t275 - 0x80000003;
					if( *_t275 == 0x80000003) {
						return _t204;
					} else {
						_push(_t321);
						_push(_t307);
						_t205 = E008E3A76(_t275, _t279, _t302, _t307, _t321);
						__eflags =  *(_t205 + 8);
						if( *(_t205 + 8) != 0) {
							__imp__EncodePointer(0);
							_t321 = _t205;
							_t225 = E008E3A76(_t275, _t279, _t302, 0, _t321);
							__eflags =  *((intOrPtr*)(_t225 + 8)) - _t321;
							if( *((intOrPtr*)(_t225 + 8)) != _t321) {
								__eflags =  *_t275 - 0xe0434f4d;
								if( *_t275 != 0xe0434f4d) {
									__eflags =  *_t275 - 0xe0434352;
									if( *_t275 != 0xe0434352) {
										_t217 = E008E3162(_t275, _a4, _a8, _a12, _a16, _a24, _a28);
										_t338 = _t338 + 0x1c;
										__eflags = _t217;
										if(_t217 != 0) {
											L86:
											return _t217;
										}
									}
								}
							}
						}
						_t206 = _a16;
						_v28 = _t206;
						_v24 = 0;
						__eflags =  *(_t206 + 0xc);
						if( *(_t206 + 0xc) > 0) {
							_push(_a24);
							E008E3094(_t275, _t279, 0, _t321,  &_v44,  &_v28, _a20, _a12, _t206);
							_t304 = _v40;
							_t339 = _t338 + 0x18;
							_t217 = _v44;
							_v20 = _t217;
							_v12 = _t304;
							__eflags = _t304 - _v32;
							if(_t304 >= _v32) {
								goto L86;
							}
							_t281 = _t304 * 0x14;
							__eflags = _t281;
							_v16 = _t281;
							do {
								_t282 = 5;
								_t220 = memcpy( &_v64,  *((intOrPtr*)( *_t217 + 0x10)) + _t281, _t282 << 2);
								_t339 = _t339 + 0xc;
								__eflags = _v64 - _t220;
								if(_v64 > _t220) {
									goto L85;
								}
								__eflags = _t220 - _v60;
								if(_t220 > _v60) {
									goto L85;
								}
								_t223 = _v48 + 0xfffffff0 + (_v52 << 4);
								_t287 = _t223[4];
								__eflags = _t287;
								if(_t287 == 0) {
									L83:
									__eflags =  *_t223 & 0x00000040;
									if(( *_t223 & 0x00000040) == 0) {
										_push(0);
										_push(1);
										E008E3D3B(_t304, _t275, _a4, _a8, _a12, _a16, _t223, 0,  &_v64, _a24, _a28);
										_t304 = _v12;
										_t339 = _t339 + 0x30;
									}
									goto L85;
								}
								__eflags =  *((char*)(_t287 + 8));
								if( *((char*)(_t287 + 8)) != 0) {
									goto L85;
								}
								goto L83;
								L85:
								_t304 = _t304 + 1;
								_t217 = _v20;
								_t281 = _v16 + 0x14;
								_v12 = _t304;
								_v16 = _t281;
								__eflags = _t304 - _v32;
							} while (_t304 < _v32);
							goto L86;
						}
						E008E6F69(_t275, _t279, _t302, 0, _t321);
						asm("int3");
						_push(_t334);
						_t303 = _v188;
						_push(_t275);
						_push(_t321);
						_push(0);
						_t208 = _t303[4];
						__eflags = _t208;
						if(_t208 == 0) {
							L111:
							_t210 = 1;
							__eflags = 1;
						} else {
							_t280 = _t208 + 8;
							__eflags =  *_t280;
							if( *_t280 == 0) {
								goto L111;
							} else {
								__eflags =  *_t303 & 0x00000080;
								_t310 = _v0;
								if(( *_t303 & 0x00000080) == 0) {
									L93:
									_t276 = _t310[4];
									_t323 = 0;
									__eflags = _t208 - _t276;
									if(_t208 == _t276) {
										L103:
										__eflags =  *_t310 & 0x00000002;
										if(( *_t310 & 0x00000002) == 0) {
											L105:
											_t211 = _a4;
											__eflags =  *_t211 & 0x00000001;
											if(( *_t211 & 0x00000001) == 0) {
												L107:
												__eflags =  *_t211 & 0x00000002;
												if(( *_t211 & 0x00000002) == 0) {
													L109:
													_t323 = 1;
													__eflags = 1;
												} else {
													__eflags =  *_t303 & 0x00000002;
													if(( *_t303 & 0x00000002) != 0) {
														goto L109;
													}
												}
											} else {
												__eflags =  *_t303 & 0x00000001;
												if(( *_t303 & 0x00000001) != 0) {
													goto L107;
												}
											}
										} else {
											__eflags =  *_t303 & 0x00000008;
											if(( *_t303 & 0x00000008) != 0) {
												goto L105;
											}
										}
										_t210 = _t323;
									} else {
										_t187 = _t276 + 8; // 0x6e
										_t212 = _t187;
										while(1) {
											_t277 =  *_t280;
											__eflags = _t277 -  *_t212;
											if(_t277 !=  *_t212) {
												break;
											}
											__eflags = _t277;
											if(_t277 == 0) {
												L99:
												_t213 = _t323;
											} else {
												_t278 =  *((intOrPtr*)(_t280 + 1));
												__eflags = _t278 -  *((intOrPtr*)(_t212 + 1));
												if(_t278 !=  *((intOrPtr*)(_t212 + 1))) {
													break;
												} else {
													_t280 = _t280 + 2;
													_t212 = _t212 + 2;
													__eflags = _t278;
													if(_t278 != 0) {
														continue;
													} else {
														goto L99;
													}
												}
											}
											L101:
											__eflags = _t213;
											if(_t213 == 0) {
												goto L103;
											} else {
												_t210 = 0;
											}
											goto L112;
										}
										asm("sbb eax, eax");
										_t213 = _t212 | 0x00000001;
										__eflags = _t213;
										goto L101;
									}
								} else {
									__eflags =  *_t310 & 0x00000010;
									if(( *_t310 & 0x00000010) != 0) {
										goto L111;
									} else {
										goto L93;
									}
								}
							}
						}
						L112:
						return _t210;
					}
				} else {
					_t274 = _a4;
					if( *_t274 != 0xe06d7363 || _t274[0x10] != 3 || _t274[0x14] != 0x19930520 && _t274[0x14] != 0x19930521 && _t274[0x14] != 0x19930522) {
						_t321 = 0;
						__eflags = 0;
						goto L24;
					} else {
						_t321 = 0;
						if(_t274[0x1c] != 0) {
							L24:
							_t279 = _a12;
							_v12 = _t279;
							goto L26;
						} else {
							_t226 = E008E3A76(_t274, _t279, _t302, _t307, 0);
							if( *((intOrPtr*)(_t226 + 0x10)) == 0) {
								L63:
								return _t226;
							} else {
								_t274 =  *(E008E3A76(_t274, _t279, _t302, _t307, 0) + 0x10);
								_t265 = E008E3A76(_t274, _t279, _t302, _t307, 0);
								_v32 = 1;
								_v12 =  *((intOrPtr*)(_t265 + 0x14));
								if(_t274 == 0 ||  *_t274 == 0xe06d7363 && _t274[0x10] == 3 && (_t274[0x14] == 0x19930520 || _t274[0x14] == 0x19930521 || _t274[0x14] == 0x19930522) && _t274[0x1c] == _t321) {
									goto L69;
								} else {
									if( *((intOrPtr*)(E008E3A76(_t274, _t279, _t302, _t307, _t321) + 0x1c)) == _t321) {
										L25:
										_t279 = _v12;
										_t203 = _v16;
										L26:
										_v56 = _t307;
										_v52 = _t321;
										__eflags =  *_t274 - 0xe06d7363;
										if( *_t274 != 0xe06d7363) {
											L59:
											__eflags = _t307[3] - _t321;
											if(_t307[3] <= _t321) {
												goto L62;
											} else {
												__eflags = _a24;
												if(_a24 != 0) {
													goto L69;
												} else {
													_push(_a32);
													_push(_a28);
													_push(_t203);
													_push(_t307);
													_push(_a16);
													_push(_t279);
													_push(_a8);
													_push(_t274);
													L70();
													_t337 = _t337 + 0x20;
													goto L62;
												}
											}
										} else {
											__eflags = _t274[0x10] - 3;
											if(_t274[0x10] != 3) {
												goto L59;
											} else {
												__eflags = _t274[0x14] - 0x19930520;
												if(_t274[0x14] == 0x19930520) {
													L31:
													__eflags = _t307[3] - _t321;
													if(_t307[3] > _t321) {
														_push(_a28);
														E008E3094(_t274, _t279, _t307, _t321,  &_v72,  &_v56, _t203, _a16, _t307);
														_t302 = _v68;
														_t337 = _t337 + 0x18;
														_t252 = _v72;
														_v48 = _t252;
														_v20 = _t302;
														__eflags = _t302 - _v60;
														if(_t302 < _v60) {
															_t294 = _t302 * 0x14;
															__eflags = _t294;
															_v36 = _t294;
															do {
																_t295 = 5;
																_t255 = memcpy( &_v108,  *((intOrPtr*)( *_t252 + 0x10)) + _t294, _t295 << 2);
																_t337 = _t337 + 0xc;
																__eflags = _v108 - _t255;
																if(_v108 <= _t255) {
																	__eflags = _t255 - _v104;
																	if(_t255 <= _v104) {
																		_t298 = 0;
																		_v24 = 0;
																		__eflags = _v96;
																		if(_v96 != 0) {
																			_t257 =  *(_t274[0x1c] + 0xc);
																			_t305 =  *_t257;
																			_t258 =  &(_t257[1]);
																			__eflags = _t258;
																			_v40 = _t258;
																			_t259 = _v92;
																			_v44 = _t305;
																			_v28 = _t259;
																			do {
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				asm("movsd");
																				_t320 = _v40;
																				_t332 = _t305;
																				__eflags = _t332;
																				if(_t332 <= 0) {
																					goto L42;
																				} else {
																					while(1) {
																						_push(_t274[0x1c]);
																						_t260 =  &_v88;
																						_push( *_t320);
																						_push(_t260);
																						L89();
																						_t337 = _t337 + 0xc;
																						__eflags = _t260;
																						if(_t260 != 0) {
																							break;
																						}
																						_t332 = _t332 - 1;
																						_t320 = _t320 + 4;
																						__eflags = _t332;
																						if(_t332 > 0) {
																							continue;
																						} else {
																							_t298 = _v24;
																							_t259 = _v28;
																							_t305 = _v44;
																							goto L42;
																						}
																						goto L45;
																					}
																					_push(_a24);
																					_v5 = 1;
																					_push(_v32);
																					E008E3D3B(_t305, _t274, _a8, _v12, _a16, _a20,  &_v88,  *_t320,  &_v108, _a28, _a32);
																					_t337 = _t337 + 0x30;
																				}
																				L45:
																				_t302 = _v20;
																				goto L46;
																				L42:
																				_t298 = _t298 + 1;
																				_t259 = _t259 + 0x10;
																				_v24 = _t298;
																				_v28 = _t259;
																				__eflags = _t298 - _v96;
																			} while (_t298 != _v96);
																			goto L45;
																		}
																	}
																}
																L46:
																_t302 = _t302 + 1;
																_t252 = _v48;
																_t294 = _v36 + 0x14;
																_v20 = _t302;
																_v36 = _t294;
																__eflags = _t302 - _v60;
															} while (_t302 < _v60);
															_t307 = _a20;
															_t321 = 0;
															__eflags = 0;
														}
													}
													__eflags = _a24;
													if(__eflags != 0) {
														_push(1);
														E008E34BD(_t279, _t302, __eflags);
														_t279 = _t274;
													}
													__eflags = _v5;
													if(_v5 != 0) {
														L62:
														_t226 = E008E3A76(_t274, _t279, _t302, _t307, _t321);
														__eflags =  *((intOrPtr*)(_t226 + 0x1c)) - _t321;
														if( *((intOrPtr*)(_t226 + 0x1c)) != _t321) {
															goto L69;
														} else {
															goto L63;
														}
													} else {
														__eflags = ( *_t307 & 0x1fffffff) - 0x19930521;
														if(( *_t307 & 0x1fffffff) < 0x19930521) {
															goto L62;
														} else {
															__eflags = _t307[7];
															if(_t307[7] != 0) {
																L55:
																_t230 = _t307[8] >> 2;
																__eflags = _t230 & 0x00000001;
																if((_t230 & 0x00000001) == 0) {
																	_push(_t307[7]);
																	_t231 = E008E47D6(_t274, _t307, _t321, _t274);
																	_pop(_t279);
																	__eflags = _t231;
																	if(_t231 == 0) {
																		goto L66;
																	} else {
																		goto L62;
																	}
																} else {
																	 *(E008E3A76(_t274, _t279, _t302, _t307, _t321) + 0x10) = _t274;
																	_t240 = E008E3A76(_t274, _t279, _t302, _t307, _t321);
																	_t290 = _v12;
																	 *((intOrPtr*)(_t240 + 0x14)) = _v12;
																	goto L64;
																}
															} else {
																_t247 = _t307[8] >> 2;
																__eflags = _t247 & 0x00000001;
																if((_t247 & 0x00000001) == 0) {
																	goto L62;
																} else {
																	__eflags = _a28;
																	if(_a28 != 0) {
																		goto L62;
																	} else {
																		goto L55;
																	}
																}
															}
														}
													}
												} else {
													__eflags = _t274[0x14] - 0x19930521;
													if(_t274[0x14] == 0x19930521) {
														goto L31;
													} else {
														__eflags = _t274[0x14] - 0x19930522;
														if(_t274[0x14] != 0x19930522) {
															goto L59;
														} else {
															goto L31;
														}
													}
												}
											}
										}
									} else {
										_v20 =  *((intOrPtr*)(E008E3A76(_t274, _t279, _t302, _t307, _t321) + 0x1c));
										_t270 = E008E3A76(_t274, _t279, _t302, _t307, _t321);
										_push(_v20);
										 *(_t270 + 0x1c) = _t321;
										_t271 = E008E47D6(_t274, _t307, _t321, _t274);
										_pop(_t290);
										if(_t271 != 0) {
											goto L25;
										} else {
											_t307 = _v20;
											_t358 =  *_t307 - _t321;
											if( *_t307 <= _t321) {
												L64:
												E008E6F2D(_t274, _t290, _t302, _t307, __eflags);
											} else {
												_t300 = _t321;
												_v20 = _t321;
												while(1) {
													_t290 =  *((intOrPtr*)(_t300 + _t307[1] + 4));
													if(E008E446A( *((intOrPtr*)(_t300 + _t307[1] + 4)), _t358, 0x9018d8) != 0) {
														goto L65;
													}
													_t321 = _t321 + 1;
													_t290 = _v20 + 0x10;
													_v20 = _v20 + 0x10;
													_t358 = _t321 -  *_t307;
													if(_t321 >=  *_t307) {
														goto L64;
													} else {
														continue;
													}
													goto L65;
												}
											}
											L65:
											_push(1);
											_push(_t274);
											E008E34BD(_t290, _t302, __eflags);
											_t279 =  &_v68;
											E008E4452( &_v68);
											E008E3676( &_v68, 0x9002fc);
											L66:
											 *(E008E3A76(_t274, _t279, _t302, _t307, _t321) + 0x10) = _t274;
											_t233 = E008E3A76(_t274, _t279, _t302, _t307, _t321);
											_t279 = _v12;
											 *(_t233 + 0x14) = _v12;
											_t234 = _a32;
											__eflags = _t234;
											if(_t234 == 0) {
												_t234 = _a8;
											}
											E008E3278(_t279, _t234, _t274);
											E008E46D6(_a8, _a16, _t307);
											_t237 = E008E4893(_t307);
											_t337 = _t337 + 0x10;
											_push(_t237);
											E008E464D(_t274, _t279, _t302, _t307, _t321, __eflags);
											goto L69;
										}
									}
								}
							}
						}
					}
				}
			}


























































































                                                      0x008e3dbb
                                                      0x008e3dbb
                                                      0x008e3dc2
                                                      0x008e3dc4
                                                      0x008e3dcd
                                                      0x008e3dd3
                                                      0x008e3dd6
                                                      0x008e3ddb
                                                      0x008e3dde
                                                      0x008e3de4
                                                      0x008e416b
                                                      0x008e416b
                                                      0x008e4170
                                                      0x008e4172
                                                      0x008e4174
                                                      0x008e4177
                                                      0x008e4178
                                                      0x008e417b
                                                      0x008e4181
                                                      0x008e42a0
                                                      0x008e4187
                                                      0x008e4187
                                                      0x008e4188
                                                      0x008e4189
                                                      0x008e4190
                                                      0x008e4193
                                                      0x008e4196
                                                      0x008e419c
                                                      0x008e419e
                                                      0x008e41a3
                                                      0x008e41a6
                                                      0x008e41a8
                                                      0x008e41ae
                                                      0x008e41b0
                                                      0x008e41b6
                                                      0x008e41cb
                                                      0x008e41d0
                                                      0x008e41d3
                                                      0x008e41d5
                                                      0x008e429c
                                                      0x00000000
                                                      0x008e429d
                                                      0x008e41d5
                                                      0x008e41b6
                                                      0x008e41ae
                                                      0x008e41a6
                                                      0x008e41db
                                                      0x008e41de
                                                      0x008e41e1
                                                      0x008e41e4
                                                      0x008e41e7
                                                      0x008e41ed
                                                      0x008e41ff
                                                      0x008e4204
                                                      0x008e4207
                                                      0x008e420a
                                                      0x008e420d
                                                      0x008e4210
                                                      0x008e4213
                                                      0x008e4216
                                                      0x00000000
                                                      0x00000000
                                                      0x008e421c
                                                      0x008e421c
                                                      0x008e421f
                                                      0x008e4222
                                                      0x008e4231
                                                      0x008e4232
                                                      0x008e4232
                                                      0x008e4234
                                                      0x008e4237
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4239
                                                      0x008e423c
                                                      0x00000000
                                                      0x00000000
                                                      0x008e424a
                                                      0x008e424c
                                                      0x008e424f
                                                      0x008e4251
                                                      0x008e4259
                                                      0x008e4259
                                                      0x008e425c
                                                      0x008e425e
                                                      0x008e4260
                                                      0x008e427c
                                                      0x008e4281
                                                      0x008e4284
                                                      0x008e4284
                                                      0x00000000
                                                      0x008e425c
                                                      0x008e4253
                                                      0x008e4257
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4287
                                                      0x008e428a
                                                      0x008e428b
                                                      0x008e428e
                                                      0x008e4291
                                                      0x008e4294
                                                      0x008e4297
                                                      0x008e4297
                                                      0x00000000
                                                      0x008e4222
                                                      0x008e42a1
                                                      0x008e42a6
                                                      0x008e42a7
                                                      0x008e42aa
                                                      0x008e42ad
                                                      0x008e42ae
                                                      0x008e42af
                                                      0x008e42b0
                                                      0x008e42b3
                                                      0x008e42b5
                                                      0x008e432d
                                                      0x008e432f
                                                      0x008e432f
                                                      0x008e42b7
                                                      0x008e42b7
                                                      0x008e42ba
                                                      0x008e42bd
                                                      0x00000000
                                                      0x008e42bf
                                                      0x008e42bf
                                                      0x008e42c2
                                                      0x008e42c5
                                                      0x008e42cc
                                                      0x008e42cc
                                                      0x008e42cf
                                                      0x008e42d1
                                                      0x008e42d3
                                                      0x008e4305
                                                      0x008e4305
                                                      0x008e4308
                                                      0x008e430f
                                                      0x008e430f
                                                      0x008e4312
                                                      0x008e4315
                                                      0x008e431c
                                                      0x008e431c
                                                      0x008e431f
                                                      0x008e4326
                                                      0x008e4328
                                                      0x008e4328
                                                      0x008e4321
                                                      0x008e4321
                                                      0x008e4324
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4324
                                                      0x008e4317
                                                      0x008e4317
                                                      0x008e431a
                                                      0x00000000
                                                      0x00000000
                                                      0x008e431a
                                                      0x008e430a
                                                      0x008e430a
                                                      0x008e430d
                                                      0x00000000
                                                      0x00000000
                                                      0x008e430d
                                                      0x008e4329
                                                      0x008e42d5
                                                      0x008e42d5
                                                      0x008e42d5
                                                      0x008e42d8
                                                      0x008e42d8
                                                      0x008e42da
                                                      0x008e42dc
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42de
                                                      0x008e42e0
                                                      0x008e42f4
                                                      0x008e42f4
                                                      0x008e42e2
                                                      0x008e42e2
                                                      0x008e42e5
                                                      0x008e42e8
                                                      0x00000000
                                                      0x008e42ea
                                                      0x008e42ea
                                                      0x008e42ed
                                                      0x008e42f0
                                                      0x008e42f2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42f2
                                                      0x008e42e8
                                                      0x008e42fd
                                                      0x008e42fd
                                                      0x008e42ff
                                                      0x00000000
                                                      0x008e4301
                                                      0x008e4301
                                                      0x008e4301
                                                      0x00000000
                                                      0x008e42ff
                                                      0x008e42f8
                                                      0x008e42fa
                                                      0x008e42fa
                                                      0x00000000
                                                      0x008e42fa
                                                      0x008e42c7
                                                      0x008e42c7
                                                      0x008e42ca
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42ca
                                                      0x008e42c5
                                                      0x008e42bd
                                                      0x008e4330
                                                      0x008e4334
                                                      0x008e4334
                                                      0x008e3df3
                                                      0x008e3df3
                                                      0x008e3dfc
                                                      0x008e3efe
                                                      0x008e3efe
                                                      0x00000000
                                                      0x008e3e2b
                                                      0x008e3e2b
                                                      0x008e3e30
                                                      0x008e3f00
                                                      0x008e3f00
                                                      0x008e3f03
                                                      0x00000000
                                                      0x008e3e36
                                                      0x008e3e36
                                                      0x008e3e3e
                                                      0x008e4102
                                                      0x008e4106
                                                      0x008e3e44
                                                      0x008e3e49
                                                      0x008e3e4c
                                                      0x008e3e51
                                                      0x008e3e58
                                                      0x008e3e5d
                                                      0x00000000
                                                      0x008e3e95
                                                      0x008e3e9d
                                                      0x008e3f08
                                                      0x008e3f08
                                                      0x008e3f0b
                                                      0x008e3f0e
                                                      0x008e3f0e
                                                      0x008e3f11
                                                      0x008e3f14
                                                      0x008e3f1a
                                                      0x008e40d1
                                                      0x008e40d1
                                                      0x008e40d4
                                                      0x00000000
                                                      0x008e40d6
                                                      0x008e40d6
                                                      0x008e40da
                                                      0x00000000
                                                      0x008e40e0
                                                      0x008e40e0
                                                      0x008e40e3
                                                      0x008e40e6
                                                      0x008e40e7
                                                      0x008e40e8
                                                      0x008e40eb
                                                      0x008e40ec
                                                      0x008e40ef
                                                      0x008e40f0
                                                      0x008e40f5
                                                      0x00000000
                                                      0x008e40f5
                                                      0x008e40da
                                                      0x008e3f20
                                                      0x008e3f20
                                                      0x008e3f24
                                                      0x00000000
                                                      0x008e3f2a
                                                      0x008e3f2a
                                                      0x008e3f31
                                                      0x008e3f49
                                                      0x008e3f49
                                                      0x008e3f4c
                                                      0x008e3f52
                                                      0x008e3f62
                                                      0x008e3f67
                                                      0x008e3f6a
                                                      0x008e3f6d
                                                      0x008e3f70
                                                      0x008e3f73
                                                      0x008e3f76
                                                      0x008e3f79
                                                      0x008e3f7f
                                                      0x008e3f7f
                                                      0x008e3f82
                                                      0x008e3f85
                                                      0x008e3f94
                                                      0x008e3f95
                                                      0x008e3f95
                                                      0x008e3f97
                                                      0x008e3f9a
                                                      0x008e3fa0
                                                      0x008e3fa3
                                                      0x008e3fa9
                                                      0x008e3fab
                                                      0x008e3fae
                                                      0x008e3fb1
                                                      0x008e3fba
                                                      0x008e3fbd
                                                      0x008e3fbf
                                                      0x008e3fbf
                                                      0x008e3fc2
                                                      0x008e3fc5
                                                      0x008e3fc8
                                                      0x008e3fcb
                                                      0x008e3fce
                                                      0x008e3fd3
                                                      0x008e3fd4
                                                      0x008e3fd5
                                                      0x008e3fd6
                                                      0x008e3fd7
                                                      0x008e3fda
                                                      0x008e3fdc
                                                      0x008e3fde
                                                      0x00000000
                                                      0x008e3fe0
                                                      0x008e3fe0
                                                      0x008e3fe0
                                                      0x008e3fe3
                                                      0x008e3fe6
                                                      0x008e3fe8
                                                      0x008e3fe9
                                                      0x008e3fee
                                                      0x008e3ff1
                                                      0x008e3ff3
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3ff5
                                                      0x008e3ff6
                                                      0x008e3ff9
                                                      0x008e3ffb
                                                      0x00000000
                                                      0x008e3ffd
                                                      0x008e3ffd
                                                      0x008e4000
                                                      0x008e4003
                                                      0x00000000
                                                      0x008e4003
                                                      0x00000000
                                                      0x008e3ffb
                                                      0x008e4017
                                                      0x008e401d
                                                      0x008e4021
                                                      0x008e403e
                                                      0x008e4043
                                                      0x008e4043
                                                      0x008e4046
                                                      0x008e4046
                                                      0x00000000
                                                      0x008e4006
                                                      0x008e4006
                                                      0x008e4007
                                                      0x008e400a
                                                      0x008e400d
                                                      0x008e4010
                                                      0x008e4010
                                                      0x00000000
                                                      0x008e4015
                                                      0x008e3fb1
                                                      0x008e3fa3
                                                      0x008e4049
                                                      0x008e404c
                                                      0x008e404d
                                                      0x008e4050
                                                      0x008e4053
                                                      0x008e4056
                                                      0x008e4059
                                                      0x008e4059
                                                      0x008e4062
                                                      0x008e4065
                                                      0x008e4065
                                                      0x008e4065
                                                      0x008e3f79
                                                      0x008e4067
                                                      0x008e406b
                                                      0x008e406d
                                                      0x008e4070
                                                      0x008e4076
                                                      0x008e4076
                                                      0x008e4077
                                                      0x008e407b
                                                      0x008e40f8
                                                      0x008e40f8
                                                      0x008e40fd
                                                      0x008e4100
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e407d
                                                      0x008e4084
                                                      0x008e4089
                                                      0x00000000
                                                      0x008e408b
                                                      0x008e408b
                                                      0x008e408f
                                                      0x008e40a1
                                                      0x008e40a4
                                                      0x008e40a7
                                                      0x008e40a9
                                                      0x008e40c0
                                                      0x008e40c4
                                                      0x008e40ca
                                                      0x008e40cb
                                                      0x008e40cd
                                                      0x00000000
                                                      0x008e40cf
                                                      0x00000000
                                                      0x008e40cf
                                                      0x008e40ab
                                                      0x008e40b0
                                                      0x008e40b3
                                                      0x008e40b8
                                                      0x008e40bb
                                                      0x00000000
                                                      0x008e40bb
                                                      0x008e4091
                                                      0x008e4094
                                                      0x008e4097
                                                      0x008e4099
                                                      0x00000000
                                                      0x008e409b
                                                      0x008e409b
                                                      0x008e409f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e409f
                                                      0x008e4099
                                                      0x008e408f
                                                      0x008e4089
                                                      0x008e3f33
                                                      0x008e3f33
                                                      0x008e3f3a
                                                      0x00000000
                                                      0x008e3f3c
                                                      0x008e3f3c
                                                      0x008e3f43
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3f43
                                                      0x008e3f3a
                                                      0x008e3f31
                                                      0x008e3f24
                                                      0x008e3e9f
                                                      0x008e3ea7
                                                      0x008e3eaa
                                                      0x008e3eaf
                                                      0x008e3eb3
                                                      0x008e3eb6
                                                      0x008e3ebc
                                                      0x008e3ebf
                                                      0x00000000
                                                      0x008e3ec1
                                                      0x008e3ec1
                                                      0x008e3ec4
                                                      0x008e3ec6
                                                      0x008e4107
                                                      0x008e4107
                                                      0x008e3ecc
                                                      0x008e3ecc
                                                      0x008e3ece
                                                      0x008e3ed1
                                                      0x008e3ed9
                                                      0x008e3ee4
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3eed
                                                      0x008e3eee
                                                      0x008e3ef1
                                                      0x008e3ef4
                                                      0x008e3ef6
                                                      0x00000000
                                                      0x008e3efc
                                                      0x00000000
                                                      0x008e3efc
                                                      0x00000000
                                                      0x008e3ef6
                                                      0x008e3ed1
                                                      0x008e410c
                                                      0x008e410c
                                                      0x008e410e
                                                      0x008e410f
                                                      0x008e4116
                                                      0x008e4119
                                                      0x008e4127
                                                      0x008e412c
                                                      0x008e4131
                                                      0x008e4134
                                                      0x008e4139
                                                      0x008e413c
                                                      0x008e413f
                                                      0x008e4142
                                                      0x008e4144
                                                      0x008e4146
                                                      0x008e4146
                                                      0x008e414b
                                                      0x008e4157
                                                      0x008e415d
                                                      0x008e4162
                                                      0x008e4165
                                                      0x008e4166
                                                      0x00000000
                                                      0x008e4166
                                                      0x008e3ebf
                                                      0x008e3e9d
                                                      0x008e3e5d
                                                      0x008e3e3e
                                                      0x008e3e30
                                                      0x008e3dfc

                                                      APIs
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 008E3EB6
                                                      • type_info::operator==.LIBVCRUNTIME ref: 008E3EDD
                                                      • ___TypeMatch.LIBVCRUNTIME ref: 008E3FE9
                                                      • IsInExceptionSpec.LIBVCRUNTIME ref: 008E40C4
                                                      • _UnwindNestedFrames.LIBCMT ref: 008E414B
                                                      • CallUnexpected.LIBVCRUNTIME ref: 008E4166
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ExceptionSpec$CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                      • String ID: csm$csm$csm
                                                      • API String ID: 2123188842-393685449
                                                      • Opcode ID: 22d95601e3530c7d15ac6192d4e4baec71d878ae68766276c4cda8c209157ace
                                                      • Instruction ID: fe3e738252abeeb8ca25591b98c01484ccc4a62379bc0ae8f91c8fabbfd0c399
                                                      • Opcode Fuzzy Hash: 22d95601e3530c7d15ac6192d4e4baec71d878ae68766276c4cda8c209157ace
                                                      • Instruction Fuzzy Hash: 3BC19E31C00699DFCF25DFAAC8859AEBBB5FF56310F004169E814AB252D731DE91CB92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 77%
                                                      			E008E7611(void* __edx, void* __esi, char _a4) {
				char _v5;
				char _v12;
				char _v16;
				char _v20;
				void* __ebp;
				char _t55;
				char _t61;
				intOrPtr _t67;
				void* _t71;
				void* _t72;

				_t72 = __esi;
				_t71 = __edx;
				_t36 = _a4;
				_t67 =  *_a4;
				_t76 = _t67 - 0x8efcb8;
				if(_t67 != 0x8efcb8) {
					E008E7B20(_t67);
					_t36 = _a4;
				}
				E008E7B20( *((intOrPtr*)(_t36 + 0x3c)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x30)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x34)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x38)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x28)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x2c)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x40)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x44)));
				E008E7B20( *((intOrPtr*)(_a4 + 0x360)));
				_v16 =  &_a4;
				_t55 = 5;
				_v12 = _t55;
				_v20 = _t55;
				_push( &_v12);
				_push( &_v16);
				_push( &_v20);
				E008E743D( &_v5, _t71, _t76);
				_v16 =  &_a4;
				_t61 = 4;
				_v20 = _t61;
				_v12 = _t61;
				_push( &_v20);
				_push( &_v16);
				_push( &_v12);
				return E008E74A8( &_v5, _t71, _t72, _t76);
			}













                                                      0x008e7611
                                                      0x008e7611
                                                      0x008e7616
                                                      0x008e761c
                                                      0x008e761e
                                                      0x008e7624
                                                      0x008e7627
                                                      0x008e762c
                                                      0x008e762f
                                                      0x008e7633
                                                      0x008e763e
                                                      0x008e7649
                                                      0x008e7654
                                                      0x008e765f
                                                      0x008e766a
                                                      0x008e7675
                                                      0x008e7680
                                                      0x008e768e
                                                      0x008e7699
                                                      0x008e76a1
                                                      0x008e76a2
                                                      0x008e76a5
                                                      0x008e76ab
                                                      0x008e76af
                                                      0x008e76b3
                                                      0x008e76b4
                                                      0x008e76be
                                                      0x008e76c4
                                                      0x008e76c5
                                                      0x008e76c8
                                                      0x008e76ce
                                                      0x008e76d2
                                                      0x008e76d6
                                                      0x008e76dd

                                                      APIs
                                                      • _free.LIBCMT ref: 008E7627
                                                        • Part of subcall function 008E7B20: HeapFree.KERNEL32(00000000,00000000,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?), ref: 008E7B36
                                                        • Part of subcall function 008E7B20: GetLastError.KERNEL32(?,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?,?), ref: 008E7B48
                                                      • _free.LIBCMT ref: 008E7633
                                                      • _free.LIBCMT ref: 008E763E
                                                      • _free.LIBCMT ref: 008E7649
                                                      • _free.LIBCMT ref: 008E7654
                                                      • _free.LIBCMT ref: 008E765F
                                                      • _free.LIBCMT ref: 008E766A
                                                      • _free.LIBCMT ref: 008E7675
                                                      • _free.LIBCMT ref: 008E7680
                                                      • _free.LIBCMT ref: 008E768E
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: e221140497d46ca9e31bc82954ca182371848f913ec9cffd8fbb716a7ddac6cd
                                                      • Instruction ID: e38d5e61451791538c39a69d6d1c43da4f426fdfe340b9ce949d428197d6b11e
                                                      • Opcode Fuzzy Hash: e221140497d46ca9e31bc82954ca182371848f913ec9cffd8fbb716a7ddac6cd
                                                      • Instruction Fuzzy Hash: 6F21D676904188BFCB01EF99E891DDE7BB9FF49350B4041A6B615DB122DB31EA44CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 64%
                                                      			E008E3730(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __eflags, void* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _t52;
				signed int _t59;
				intOrPtr _t60;
				void* _t61;
				intOrPtr* _t62;
				intOrPtr _t64;
				intOrPtr _t67;
				intOrPtr _t72;
				intOrPtr* _t76;
				intOrPtr _t77;
				intOrPtr _t79;
				signed int _t82;
				char _t84;
				intOrPtr _t87;
				intOrPtr _t96;
				intOrPtr _t99;
				intOrPtr* _t101;
				void* _t105;
				void* _t107;
				void* _t115;

				_t76 = _a4;
				_v5 = 0;
				_v16 = 1;
				 *_t76 = E008EED57(__ecx,  *_t76);
				_t77 = _a8;
				_t6 = _t77 + 0x10; // 0x11
				_t99 = _t6;
				_push(_t99);
				_v20 = _t99;
				_v12 =  *(_t77 + 8) ^  *0x901004;
				E008E36F0( *(_t77 + 8) ^  *0x901004);
				E008E48EC(_a12);
				_t52 = _a4;
				_t107 = _t105 - 0x1c + 0x10;
				_t96 =  *((intOrPtr*)(_t77 + 0xc));
				if(( *(_t52 + 4) & 0x00000066) != 0) {
					__eflags = _t96 - 0xfffffffe;
					if(_t96 != 0xfffffffe) {
						E008E4A9C(_t77, 0xfffffffe, _t99, 0x901004);
						goto L13;
					}
					goto L14;
				} else {
					_v32 = _t52;
					_v28 = _a12;
					 *((intOrPtr*)(_t77 - 4)) =  &_v32;
					if(_t96 == 0xfffffffe) {
						L14:
						return _v16;
					} else {
						do {
							_t82 = _v12;
							_t59 = _t96 + (_t96 + 2) * 2;
							_t79 =  *((intOrPtr*)(_t82 + _t59 * 4));
							_t60 = _t82 + _t59 * 4;
							_t83 =  *((intOrPtr*)(_t60 + 4));
							_v24 = _t60;
							if( *((intOrPtr*)(_t60 + 4)) == 0) {
								_t84 = _v5;
								goto L7;
							} else {
								_t61 = E008E4A4C(_t83, _t99);
								_t84 = 1;
								_v5 = 1;
								_t115 = _t61;
								if(_t115 < 0) {
									_v16 = 0;
									L13:
									_push(_t99);
									E008E36F0(_v12);
									goto L14;
								} else {
									if(_t115 > 0) {
										_t62 = _a4;
										__eflags =  *_t62 - 0xe06d7363;
										if( *_t62 == 0xe06d7363) {
											__eflags =  *0x8ef1dc;
											if(__eflags != 0) {
												_t72 = E008EE4C0(__eflags, 0x8ef1dc);
												_t107 = _t107 + 4;
												__eflags = _t72;
												if(_t72 != 0) {
													_t101 =  *0x8ef1dc; // 0x8e34bd
													 *0x8ef138(_a4, 1);
													 *_t101();
													_t99 = _v20;
													_t107 = _t107 + 8;
												}
												_t62 = _a4;
											}
										}
										E008E4A80(_t62, _a8, _t62);
										_t64 = _a8;
										__eflags =  *((intOrPtr*)(_t64 + 0xc)) - _t96;
										if( *((intOrPtr*)(_t64 + 0xc)) != _t96) {
											E008E4A9C(_t64, _t96, _t99, 0x901004);
											_t64 = _a8;
										}
										_push(_t99);
										 *((intOrPtr*)(_t64 + 0xc)) = _t79;
										E008E36F0(_v12);
										_t87 =  *((intOrPtr*)(_v24 + 8));
										E008E4A64();
										asm("int3");
										__eflags = E008E4AB3();
										if(__eflags != 0) {
											_t67 = E008E3B16(_t87, __eflags);
											__eflags = _t67;
											if(_t67 != 0) {
												return 1;
											} else {
												E008E4AEF();
												goto L24;
											}
										} else {
											L24:
											__eflags = 0;
											return 0;
										}
									} else {
										goto L7;
									}
								}
							}
							goto L28;
							L7:
							_t96 = _t79;
						} while (_t79 != 0xfffffffe);
						if(_t84 != 0) {
							goto L13;
						}
						goto L14;
					}
				}
				L28:
			}






























                                                      0x008e3737
                                                      0x008e373c
                                                      0x008e3742
                                                      0x008e374e
                                                      0x008e3750
                                                      0x008e3756
                                                      0x008e3756
                                                      0x008e375f
                                                      0x008e3761
                                                      0x008e3764
                                                      0x008e3767
                                                      0x008e376f
                                                      0x008e3774
                                                      0x008e3777
                                                      0x008e377a
                                                      0x008e3781
                                                      0x008e37dd
                                                      0x008e37e0
                                                      0x008e37ef
                                                      0x00000000
                                                      0x008e37ef
                                                      0x00000000
                                                      0x008e3783
                                                      0x008e3783
                                                      0x008e3789
                                                      0x008e378f
                                                      0x008e3795
                                                      0x008e3800
                                                      0x008e3809
                                                      0x008e3797
                                                      0x008e3797
                                                      0x008e3797
                                                      0x008e379d
                                                      0x008e37a0
                                                      0x008e37a3
                                                      0x008e37a6
                                                      0x008e37a9
                                                      0x008e37ae
                                                      0x008e37c4
                                                      0x00000000
                                                      0x008e37b0
                                                      0x008e37b2
                                                      0x008e37b7
                                                      0x008e37b9
                                                      0x008e37bc
                                                      0x008e37be
                                                      0x008e37d4
                                                      0x008e37f4
                                                      0x008e37f4
                                                      0x008e37f8
                                                      0x00000000
                                                      0x008e37c0
                                                      0x008e37c0
                                                      0x008e380a
                                                      0x008e380d
                                                      0x008e3813
                                                      0x008e3815
                                                      0x008e381c
                                                      0x008e3823
                                                      0x008e3828
                                                      0x008e382b
                                                      0x008e382d
                                                      0x008e382f
                                                      0x008e383c
                                                      0x008e3842
                                                      0x008e3844
                                                      0x008e3847
                                                      0x008e3847
                                                      0x008e384a
                                                      0x008e384a
                                                      0x008e381c
                                                      0x008e3852
                                                      0x008e3857
                                                      0x008e385a
                                                      0x008e385d
                                                      0x008e3869
                                                      0x008e386e
                                                      0x008e386e
                                                      0x008e3871
                                                      0x008e3875
                                                      0x008e3878
                                                      0x008e3885
                                                      0x008e3888
                                                      0x008e388d
                                                      0x008e3893
                                                      0x008e3895
                                                      0x008e389a
                                                      0x008e389f
                                                      0x008e38a1
                                                      0x008e38ac
                                                      0x008e38a3
                                                      0x008e38a3
                                                      0x00000000
                                                      0x008e38a3
                                                      0x008e3897
                                                      0x008e3897
                                                      0x008e3897
                                                      0x008e3899
                                                      0x008e3899
                                                      0x008e37c2
                                                      0x00000000
                                                      0x008e37c2
                                                      0x008e37c0
                                                      0x008e37be
                                                      0x00000000
                                                      0x008e37c7
                                                      0x008e37c7
                                                      0x008e37c9
                                                      0x008e37d0
                                                      0x00000000
                                                      0x008e37d2
                                                      0x00000000
                                                      0x008e37d0
                                                      0x008e3795
                                                      0x00000000

                                                      APIs
                                                      • _ValidateLocalCookies.LIBCMT ref: 008E3767
                                                      • ___except_validate_context_record.LIBVCRUNTIME ref: 008E376F
                                                      • _ValidateLocalCookies.LIBCMT ref: 008E37F8
                                                      • __IsNonwritableInCurrentImage.LIBCMT ref: 008E3823
                                                      • _ValidateLocalCookies.LIBCMT ref: 008E3878
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
                                                      • String ID: csm
                                                      • API String ID: 1170836740-1018135373
                                                      • Opcode ID: 906fabf7f3d2133fae038e04fcfa2fbcfabb7bc0181b104b1d6f42d90d62ce8c
                                                      • Instruction ID: 62a590fb14ff9e1273eb65969b7f39afcb4ca30cef454bed565f4b771780ae3a
                                                      • Opcode Fuzzy Hash: 906fabf7f3d2133fae038e04fcfa2fbcfabb7bc0181b104b1d6f42d90d62ce8c
                                                      • Instruction Fuzzy Hash: 1741B974A002989FCF10DF6ACC8999EBBB5FF46324F148065E918DB352C7319E45CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E9BD0(void* __ecx, signed int* _a4, intOrPtr _a8) {
				signed int* _v8;
				void** _t12;
				void* _t16;
				void* _t18;
				signed int _t22;
				WCHAR* _t23;
				void** _t26;
				signed int* _t29;
				void* _t32;
				void* _t34;

				_t29 = _a4;
				while(_t29 != _a8) {
					_t22 =  *_t29;
					_t12 = 0x902258 + _t22 * 4;
					_t32 =  *_t12;
					_v8 = _t12;
					if(_t32 == 0) {
						_t23 =  *(0x8f0a68 + _t22 * 4);
						_t32 = LoadLibraryExW(_t23, 0, 0x800);
						if(_t32 != 0) {
							L12:
							_t26 = _v8;
							 *_t26 = _t32;
							if( *_t26 != 0) {
								FreeLibrary(_t32);
							}
							L14:
							if(_t32 != 0) {
								_t16 = _t32;
								L18:
								return _t16;
							}
							L15:
							_t29 =  &(_t29[1]);
							continue;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L9:
							_t32 = 0;
							L10:
							if(_t32 != 0) {
								goto L12;
							}
							 *_v8 = _t18 | 0xffffffff;
							goto L15;
						}
						_t18 = E008E7098(_t23, L"api-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = E008E7098(_t23, L"ext-ms-", 7);
						_t34 = _t34 + 0xc;
						if(_t18 == 0) {
							goto L9;
						}
						_t18 = LoadLibraryExW(_t23, _t32, _t32);
						_t32 = _t18;
						goto L10;
					}
					if(_t32 == 0xffffffff) {
						goto L15;
					}
					goto L14;
				}
				_t16 = 0;
				goto L18;
			}













                                                      0x008e9bd9
                                                      0x008e9c83
                                                      0x008e9be1
                                                      0x008e9be3
                                                      0x008e9bea
                                                      0x008e9bec
                                                      0x008e9bf2
                                                      0x008e9bff
                                                      0x008e9c14
                                                      0x008e9c18
                                                      0x008e9c6a
                                                      0x008e9c6a
                                                      0x008e9c6f
                                                      0x008e9c73
                                                      0x008e9c76
                                                      0x008e9c76
                                                      0x008e9c7c
                                                      0x008e9c7e
                                                      0x008e9c93
                                                      0x008e9c8e
                                                      0x008e9c92
                                                      0x008e9c92
                                                      0x008e9c80
                                                      0x008e9c80
                                                      0x00000000
                                                      0x008e9c80
                                                      0x008e9c1a
                                                      0x008e9c23
                                                      0x008e9c5a
                                                      0x008e9c5a
                                                      0x008e9c5c
                                                      0x008e9c5e
                                                      0x00000000
                                                      0x00000000
                                                      0x008e9c66
                                                      0x00000000
                                                      0x008e9c66
                                                      0x008e9c2d
                                                      0x008e9c32
                                                      0x008e9c37
                                                      0x00000000
                                                      0x00000000
                                                      0x008e9c41
                                                      0x008e9c46
                                                      0x008e9c4b
                                                      0x00000000
                                                      0x00000000
                                                      0x008e9c50
                                                      0x008e9c56
                                                      0x00000000
                                                      0x008e9c56
                                                      0x008e9bf7
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e9bfd
                                                      0x008e9c8c
                                                      0x00000000

                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: api-ms-$ext-ms-
                                                      • API String ID: 0-537541572
                                                      • Opcode ID: 8f9189cf55c121e7f3b165f1c62e618176d8a3052d3c90fdfac0ea9d53bf84cc
                                                      • Instruction ID: 0ed86886e064da79820dff9b4575dcfa0dbce5899efb946c99238e7380fb3973
                                                      • Opcode Fuzzy Hash: 8f9189cf55c121e7f3b165f1c62e618176d8a3052d3c90fdfac0ea9d53bf84cc
                                                      • Instruction Fuzzy Hash: 3C21DE719056A5ABCB31AB369C44A1A3798FF53760F350120ED96EB292D7B0ED00C6D0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E95DD(intOrPtr _a4) {
				void* _t18;

				_t45 = _a4;
				if(_a4 != 0) {
					E008E95A5(_t45, 7);
					E008E95A5(_t45 + 0x1c, 7);
					E008E95A5(_t45 + 0x38, 0xc);
					E008E95A5(_t45 + 0x68, 0xc);
					E008E95A5(_t45 + 0x98, 2);
					E008E7B20( *((intOrPtr*)(_t45 + 0xa0)));
					E008E7B20( *((intOrPtr*)(_t45 + 0xa4)));
					E008E7B20( *((intOrPtr*)(_t45 + 0xa8)));
					E008E95A5(_t45 + 0xb4, 7);
					E008E95A5(_t45 + 0xd0, 7);
					E008E95A5(_t45 + 0xec, 0xc);
					E008E95A5(_t45 + 0x11c, 0xc);
					E008E95A5(_t45 + 0x14c, 2);
					E008E7B20( *((intOrPtr*)(_t45 + 0x154)));
					E008E7B20( *((intOrPtr*)(_t45 + 0x158)));
					E008E7B20( *((intOrPtr*)(_t45 + 0x15c)));
					return E008E7B20( *((intOrPtr*)(_t45 + 0x160)));
				}
				return _t18;
			}




                                                      0x008e95e3
                                                      0x008e95e8
                                                      0x008e95f1
                                                      0x008e95fc
                                                      0x008e9607
                                                      0x008e9612
                                                      0x008e9620
                                                      0x008e962b
                                                      0x008e9636
                                                      0x008e9641
                                                      0x008e964f
                                                      0x008e965d
                                                      0x008e966e
                                                      0x008e967c
                                                      0x008e968a
                                                      0x008e9695
                                                      0x008e96a0
                                                      0x008e96ab
                                                      0x00000000
                                                      0x008e96bb
                                                      0x008e96c0

                                                      APIs
                                                        • Part of subcall function 008E95A5: _free.LIBCMT ref: 008E95CA
                                                      • _free.LIBCMT ref: 008E962B
                                                        • Part of subcall function 008E7B20: HeapFree.KERNEL32(00000000,00000000,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?), ref: 008E7B36
                                                        • Part of subcall function 008E7B20: GetLastError.KERNEL32(?,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?,?), ref: 008E7B48
                                                      • _free.LIBCMT ref: 008E9636
                                                      • _free.LIBCMT ref: 008E9641
                                                      • _free.LIBCMT ref: 008E9695
                                                      • _free.LIBCMT ref: 008E96A0
                                                      • _free.LIBCMT ref: 008E96AB
                                                      • _free.LIBCMT ref: 008E96B6
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 54a0666dc9ece4888914f5ffa64f8b9d14be66a89aad8192adaac951458628c2
                                                      • Instruction ID: 9c7154007f0d246d93c6e9914cfcf98344a5df8014145f344fbc33c40f5414a3
                                                      • Opcode Fuzzy Hash: 54a0666dc9ece4888914f5ffa64f8b9d14be66a89aad8192adaac951458628c2
                                                      • Instruction Fuzzy Hash: CB115C31941B88BAE521B7B6CC06FCF779CFF46720F800815B29DE6052DAA6F5064756
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 64%
                                                      			E008EB669(void* __ebx, void* __edi, void* __esi, void* __eflags, void* _a4, signed int _a8, long _a12, intOrPtr _a16) {
				signed int _v8;
				char _v16;
				char _v23;
				char _v24;
				void _v32;
				signed int _v33;
				long _v40;
				long _v44;
				char _v47;
				void _v48;
				intOrPtr _v52;
				long _v56;
				char _v60;
				intOrPtr _v68;
				char _v72;
				struct _OVERLAPPED* _v76;
				signed int _v80;
				signed int _v84;
				intOrPtr _v88;
				signed int _v92;
				long _v96;
				long _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				long _v112;
				void* _v116;
				char _v120;
				int _v124;
				intOrPtr _v128;
				struct _OVERLAPPED* _v132;
				struct _OVERLAPPED* _v136;
				struct _OVERLAPPED* _v140;
				struct _OVERLAPPED* _v144;
				signed int _t172;
				signed int _t174;
				int _t178;
				intOrPtr _t183;
				intOrPtr _t186;
				void* _t188;
				void* _t190;
				long _t193;
				void _t198;
				long _t202;
				void* _t206;
				intOrPtr _t212;
				signed char* _t213;
				char _t216;
				signed int _t219;
				char* _t220;
				void* _t222;
				long _t228;
				intOrPtr _t229;
				char _t231;
				long _t235;
				struct _OVERLAPPED* _t243;
				signed int _t246;
				intOrPtr _t249;
				signed int _t252;
				signed int _t253;
				signed int _t255;
				struct _OVERLAPPED* _t256;
				intOrPtr _t258;
				void* _t262;
				long _t263;
				signed char _t264;
				signed int _t265;
				void* _t266;
				void* _t268;
				struct _OVERLAPPED* _t269;
				long _t270;
				signed int _t271;
				long _t275;
				signed int _t278;
				long _t279;
				struct _OVERLAPPED* _t280;
				signed int _t282;
				intOrPtr _t284;
				signed int _t286;
				signed int _t289;
				long _t290;
				long _t291;
				signed int _t292;
				intOrPtr _t293;
				signed int _t294;
				void* _t295;
				void* _t296;

				_t172 =  *0x901004; // 0x112d3ebc
				_v8 = _t172 ^ _t294;
				_t174 = _a8;
				_t263 = _a12;
				_t282 = (_t174 & 0x0000003f) * 0x38;
				_t246 = _t174 >> 6;
				_v112 = _t263;
				_v84 = _t246;
				_v80 = _t282;
				_t284 = _a16 + _t263;
				_v116 =  *((intOrPtr*)(_t282 +  *((intOrPtr*)(0x902050 + _t246 * 4)) + 0x18));
				_v104 = _t284;
				_t178 = GetConsoleCP();
				_t243 = 0;
				_v124 = _t178;
				E008E59B4( &_v72, _t263, 0);
				asm("stosd");
				_t249 =  *((intOrPtr*)(_v68 + 8));
				_v128 = _t249;
				asm("stosd");
				asm("stosd");
				_t275 = _v112;
				_v40 = _t275;
				if(_t275 >= _t284) {
					L52:
					__eflags = _v60 - _t243;
				} else {
					_t286 = _v92;
					while(1) {
						_v47 =  *_t275;
						_v76 = _t243;
						_v44 = 1;
						_t186 =  *((intOrPtr*)(0x902050 + _v84 * 4));
						_v52 = _t186;
						if(_t249 != 0xfde9) {
							goto L23;
						}
						_t265 = _v80;
						_t212 = _t186 + 0x2e + _t265;
						_t256 = _t243;
						_v108 = _t212;
						while( *((intOrPtr*)(_t212 + _t256)) != _t243) {
							_t256 =  &(_t256->Internal);
							if(_t256 < 5) {
								continue;
							}
							break;
						}
						_t213 = _v40;
						_t278 = _v104 - _t213;
						_v44 = _t256;
						if(_t256 <= 0) {
							_t258 =  *((char*)(( *_t213 & 0x000000ff) + 0x901758)) + 1;
							_v52 = _t258;
							__eflags = _t258 - _t278;
							if(_t258 > _t278) {
								__eflags = _t278;
								if(_t278 <= 0) {
									goto L44;
								} else {
									_t290 = _v40;
									do {
										_t266 = _t265 + _t243;
										_t216 =  *((intOrPtr*)(_t243 + _t290));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t266 +  *((intOrPtr*)(0x902050 + _v84 * 4)) + 0x2e)) = _t216;
										_t265 = _v80;
										__eflags = _t243 - _t278;
									} while (_t243 < _t278);
									goto L43;
								}
							} else {
								_t279 = _v40;
								__eflags = _t258 - 4;
								_v144 = _t243;
								_t260 =  &_v144;
								_v140 = _t243;
								_v56 = _t279;
								_t219 = (0 | _t258 == 0x00000004) + 1;
								__eflags = _t219;
								_push( &_v144);
								_v44 = _t219;
								_push(_t219);
								_t220 =  &_v56;
								goto L21;
							}
						} else {
							_t228 =  *((char*)(( *(_t265 + _v52 + 0x2e) & 0x000000ff) + 0x901758)) + 1;
							_v56 = _t228;
							_t229 = _t228 - _t256;
							_v52 = _t229;
							if(_t229 > _t278) {
								__eflags = _t278;
								if(_t278 > 0) {
									_t291 = _v40;
									do {
										_t268 = _t265 + _t243 + _t256;
										_t231 =  *((intOrPtr*)(_t243 + _t291));
										_t243 =  &(_t243->Internal);
										 *((char*)(_t268 +  *((intOrPtr*)(0x902050 + _v84 * 4)) + 0x2e)) = _t231;
										_t256 = _v44;
										_t265 = _v80;
										__eflags = _t243 - _t278;
									} while (_t243 < _t278);
									L43:
									_t286 = _v92;
								}
								L44:
								_t289 = _t286 + _t278;
								__eflags = _t289;
								L45:
								__eflags = _v60;
								_v92 = _t289;
							} else {
								_t269 = _t243;
								if(_t256 > 0) {
									_t293 = _v108;
									do {
										 *((char*)(_t294 + _t269 - 0xc)) =  *((intOrPtr*)(_t293 + _t269));
										_t269 =  &(_t269->Internal);
									} while (_t269 < _t256);
									_t229 = _v52;
								}
								_t279 = _v40;
								if(_t229 > 0) {
									E008E5440( &_v16 + _t256, _t279, _v52);
									_t256 = _v44;
									_t295 = _t295 + 0xc;
								}
								if(_t256 > 0) {
									_t270 = _v44;
									_t280 = _t243;
									_t292 = _v80;
									do {
										_t262 = _t292 + _t280;
										_t280 =  &(_t280->Internal);
										 *(_t262 +  *((intOrPtr*)(0x902050 + _v84 * 4)) + 0x2e) = _t243;
									} while (_t280 < _t270);
									_t279 = _v40;
								}
								_v136 = _t243;
								_v120 =  &_v16;
								_t260 =  &_v136;
								_v132 = _t243;
								_push( &_v136);
								_t235 = (0 | _v56 == 0x00000004) + 1;
								_v44 = _t235;
								_push(_t235);
								_t220 =  &_v120;
								L21:
								_push(_t220);
								_push( &_v76);
								_t222 = E008EC387(_t260);
								_t296 = _t295 + 0x10;
								if(_t222 == 0xffffffff) {
									goto L52;
								} else {
									_t275 = _t279 + _v52 - 1;
									L31:
									_t275 = _t275 + 1;
									_v40 = _t275;
									_t193 = E008E8E20(_v124, _t243,  &_v76, _v44,  &_v32, 5, _t243, _t243);
									_t295 = _t296 + 0x20;
									_v56 = _t193;
									if(_t193 == 0) {
										goto L52;
									} else {
										if(WriteFile(_v116,  &_v32, _t193,  &_v100, _t243) == 0) {
											L51:
											_v96 = GetLastError();
											goto L52;
										} else {
											_t286 = _v88 - _v112 + _t275;
											_v92 = _t286;
											if(_v100 < _v56) {
												goto L52;
											} else {
												if(_v47 != 0xa) {
													L38:
													if(_t275 >= _v104) {
														goto L52;
													} else {
														_t249 = _v128;
														continue;
													}
												} else {
													_t198 = 0xd;
													_v48 = _t198;
													if(WriteFile(_v116,  &_v48, 1,  &_v100, _t243) == 0) {
														goto L51;
													} else {
														if(_v100 < 1) {
															goto L52;
														} else {
															_v88 = _v88 + 1;
															_t286 = _t286 + 1;
															_v92 = _t286;
															goto L38;
														}
													}
												}
											}
										}
									}
								}
							}
						}
						goto L53;
						L23:
						_t252 = _v80;
						_t264 =  *((intOrPtr*)(_t252 + _t186 + 0x2d));
						__eflags = _t264 & 0x00000004;
						if((_t264 & 0x00000004) == 0) {
							_v33 =  *_t275;
							_t188 = E008E96C1(_t264);
							_t253 = _v33 & 0x000000ff;
							__eflags =  *((intOrPtr*)(_t188 + _t253 * 2)) - _t243;
							if( *((intOrPtr*)(_t188 + _t253 * 2)) >= _t243) {
								_push(1);
								_push(_t275);
								goto L30;
							} else {
								_t202 = _t275 + 1;
								_v56 = _t202;
								__eflags = _t202 - _v104;
								if(_t202 >= _v104) {
									_t271 = _v84;
									_t255 = _v80;
									 *((char*)(_t255 +  *((intOrPtr*)(0x902050 + _t271 * 4)) + 0x2e)) = _v33;
									 *(_t255 +  *((intOrPtr*)(0x902050 + _t271 * 4)) + 0x2d) =  *(_t255 +  *((intOrPtr*)(0x902050 + _t271 * 4)) + 0x2d) | 0x00000004;
									_t289 = _t286 + 1;
									goto L45;
								} else {
									_t206 = E008EAD41( &_v76, _t275, 2);
									_t296 = _t295 + 0xc;
									__eflags = _t206 - 0xffffffff;
									if(_t206 == 0xffffffff) {
										goto L52;
									} else {
										_t275 = _v56;
										goto L31;
									}
								}
							}
						} else {
							_v24 =  *((intOrPtr*)(_t252 + _t186 + 0x2e));
							_v23 =  *_t275;
							_push(2);
							 *(_t252 + _v52 + 0x2d) = _t264 & 0x000000fb;
							_push( &_v24);
							L30:
							_push( &_v76);
							_t190 = E008EAD41();
							_t296 = _t295 + 0xc;
							__eflags = _t190 - 0xffffffff;
							if(_t190 == 0xffffffff) {
								goto L52;
							} else {
								goto L31;
							}
						}
						goto L53;
					}
				}
				L53:
				if(__eflags != 0) {
					_t183 = _v72;
					_t167 = _t183 + 0x350;
					 *_t167 =  *(_t183 + 0x350) & 0xfffffffd;
					__eflags =  *_t167;
				}
				__eflags = _v8 ^ _t294;
				asm("movsd");
				asm("movsd");
				asm("movsd");
				return E008E249D(_v8 ^ _t294);
			}

























































































                                                      0x008eb674
                                                      0x008eb67b
                                                      0x008eb67e
                                                      0x008eb683
                                                      0x008eb68b
                                                      0x008eb68e
                                                      0x008eb692
                                                      0x008eb695
                                                      0x008eb69f
                                                      0x008eb6a9
                                                      0x008eb6ab
                                                      0x008eb6ae
                                                      0x008eb6b1
                                                      0x008eb6b7
                                                      0x008eb6b9
                                                      0x008eb6c0
                                                      0x008eb6cd
                                                      0x008eb6ce
                                                      0x008eb6d1
                                                      0x008eb6d4
                                                      0x008eb6d5
                                                      0x008eb6d6
                                                      0x008eb6d9
                                                      0x008eb6de
                                                      0x008eb9ea
                                                      0x008eb9ea
                                                      0x008eb6e4
                                                      0x008eb6e4
                                                      0x008eb6e7
                                                      0x008eb6e9
                                                      0x008eb6ef
                                                      0x008eb6f2
                                                      0x008eb6f9
                                                      0x008eb700
                                                      0x008eb709
                                                      0x00000000
                                                      0x00000000
                                                      0x008eb70f
                                                      0x008eb715
                                                      0x008eb717
                                                      0x008eb719
                                                      0x008eb71c
                                                      0x008eb721
                                                      0x008eb725
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008eb725
                                                      0x008eb72a
                                                      0x008eb72d
                                                      0x008eb72f
                                                      0x008eb734
                                                      0x008eb7e6
                                                      0x008eb7e7
                                                      0x008eb7ea
                                                      0x008eb7ec
                                                      0x008eb99a
                                                      0x008eb99c
                                                      0x00000000
                                                      0x008eb99e
                                                      0x008eb99e
                                                      0x008eb9a1
                                                      0x008eb9a4
                                                      0x008eb9ad
                                                      0x008eb9b0
                                                      0x008eb9b1
                                                      0x008eb9b5
                                                      0x008eb9b8
                                                      0x008eb9b8
                                                      0x00000000
                                                      0x008eb9bc
                                                      0x008eb7f2
                                                      0x008eb7f2
                                                      0x008eb7f7
                                                      0x008eb7fa
                                                      0x008eb800
                                                      0x008eb806
                                                      0x008eb80f
                                                      0x008eb812
                                                      0x008eb812
                                                      0x008eb813
                                                      0x008eb814
                                                      0x008eb817
                                                      0x008eb818
                                                      0x00000000
                                                      0x008eb818
                                                      0x008eb73a
                                                      0x008eb749
                                                      0x008eb74a
                                                      0x008eb74d
                                                      0x008eb74f
                                                      0x008eb754
                                                      0x008eb965
                                                      0x008eb967
                                                      0x008eb969
                                                      0x008eb96c
                                                      0x008eb971
                                                      0x008eb97a
                                                      0x008eb97d
                                                      0x008eb97e
                                                      0x008eb982
                                                      0x008eb985
                                                      0x008eb988
                                                      0x008eb988
                                                      0x008eb98c
                                                      0x008eb98c
                                                      0x008eb98c
                                                      0x008eb98f
                                                      0x008eb98f
                                                      0x008eb98f
                                                      0x008eb991
                                                      0x008eb991
                                                      0x008eb995
                                                      0x008eb75a
                                                      0x008eb75a
                                                      0x008eb75e
                                                      0x008eb760
                                                      0x008eb763
                                                      0x008eb766
                                                      0x008eb76a
                                                      0x008eb76b
                                                      0x008eb76f
                                                      0x008eb76f
                                                      0x008eb772
                                                      0x008eb777
                                                      0x008eb783
                                                      0x008eb788
                                                      0x008eb78b
                                                      0x008eb78b
                                                      0x008eb790
                                                      0x008eb792
                                                      0x008eb795
                                                      0x008eb797
                                                      0x008eb79a
                                                      0x008eb79d
                                                      0x008eb7a0
                                                      0x008eb7a8
                                                      0x008eb7ac
                                                      0x008eb7b0
                                                      0x008eb7b0
                                                      0x008eb7b6
                                                      0x008eb7bc
                                                      0x008eb7bf
                                                      0x008eb7c7
                                                      0x008eb7ce
                                                      0x008eb7d2
                                                      0x008eb7d3
                                                      0x008eb7d6
                                                      0x008eb7d7
                                                      0x008eb81b
                                                      0x008eb81b
                                                      0x008eb81f
                                                      0x008eb820
                                                      0x008eb825
                                                      0x008eb82b
                                                      0x00000000
                                                      0x008eb831
                                                      0x008eb835
                                                      0x008eb8be
                                                      0x008eb8c5
                                                      0x008eb8cd
                                                      0x008eb8d5
                                                      0x008eb8da
                                                      0x008eb8dd
                                                      0x008eb8e2
                                                      0x00000000
                                                      0x008eb8e8
                                                      0x008eb8fd
                                                      0x008eb9e1
                                                      0x008eb9e7
                                                      0x00000000
                                                      0x008eb903
                                                      0x008eb90c
                                                      0x008eb90e
                                                      0x008eb914
                                                      0x00000000
                                                      0x008eb91a
                                                      0x008eb91e
                                                      0x008eb954
                                                      0x008eb957
                                                      0x00000000
                                                      0x008eb95d
                                                      0x008eb95d
                                                      0x00000000
                                                      0x008eb95d
                                                      0x008eb920
                                                      0x008eb922
                                                      0x008eb924
                                                      0x008eb93d
                                                      0x00000000
                                                      0x008eb943
                                                      0x008eb947
                                                      0x00000000
                                                      0x008eb94d
                                                      0x008eb94d
                                                      0x008eb950
                                                      0x008eb951
                                                      0x00000000
                                                      0x008eb951
                                                      0x008eb947
                                                      0x008eb93d
                                                      0x008eb91e
                                                      0x008eb914
                                                      0x008eb8fd
                                                      0x008eb8e2
                                                      0x008eb82b
                                                      0x008eb754
                                                      0x00000000
                                                      0x008eb83c
                                                      0x008eb83c
                                                      0x008eb83f
                                                      0x008eb843
                                                      0x008eb846
                                                      0x008eb868
                                                      0x008eb86b
                                                      0x008eb870
                                                      0x008eb874
                                                      0x008eb878
                                                      0x008eb8a6
                                                      0x008eb8a8
                                                      0x00000000
                                                      0x008eb87a
                                                      0x008eb87a
                                                      0x008eb87d
                                                      0x008eb880
                                                      0x008eb883
                                                      0x008eb9be
                                                      0x008eb9c1
                                                      0x008eb9ce
                                                      0x008eb9d9
                                                      0x008eb9de
                                                      0x00000000
                                                      0x008eb889
                                                      0x008eb890
                                                      0x008eb895
                                                      0x008eb898
                                                      0x008eb89b
                                                      0x00000000
                                                      0x008eb8a1
                                                      0x008eb8a1
                                                      0x00000000
                                                      0x008eb8a1
                                                      0x008eb89b
                                                      0x008eb883
                                                      0x008eb848
                                                      0x008eb84f
                                                      0x008eb854
                                                      0x008eb85a
                                                      0x008eb85c
                                                      0x008eb863
                                                      0x008eb8a9
                                                      0x008eb8ac
                                                      0x008eb8ad
                                                      0x008eb8b2
                                                      0x008eb8b5
                                                      0x008eb8b8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008eb8b8
                                                      0x00000000
                                                      0x008eb846
                                                      0x008eb6e7
                                                      0x008eb9ed
                                                      0x008eb9ed
                                                      0x008eb9ef
                                                      0x008eb9f2
                                                      0x008eb9f2
                                                      0x008eb9f2
                                                      0x008eb9f2
                                                      0x008eba04
                                                      0x008eba06
                                                      0x008eba07
                                                      0x008eba08
                                                      0x008eba12

                                                      APIs
                                                      • GetConsoleCP.KERNEL32(00000016,?,00000000), ref: 008EB6B1
                                                      • __fassign.LIBCMT ref: 008EB890
                                                      • __fassign.LIBCMT ref: 008EB8AD
                                                      • WriteFile.KERNEL32(?,00900538,00000000,?,00000000,?,?,?,?,?,?,?,?,?,?,00000000), ref: 008EB8F5
                                                      • WriteFile.KERNEL32(?,?,00000001,?,00000000), ref: 008EB935
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000), ref: 008EB9E1
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: FileWrite__fassign$ConsoleErrorLast
                                                      • String ID:
                                                      • API String ID: 4031098158-0
                                                      • Opcode ID: ea200c8e5a7d30959680c69e88f096cb1782ac919b4e433c8153dd3535f60c93
                                                      • Instruction ID: f42873989950970e074c4d73f9487504dd7c18efb00879f7170c7a38721bfe96
                                                      • Opcode Fuzzy Hash: ea200c8e5a7d30959680c69e88f096cb1782ac919b4e433c8153dd3535f60c93
                                                      • Instruction Fuzzy Hash: 49D1AE75D042989FCB15CFA9C8809EEBBB5FF4A304F284169E955FB352E730A942CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 83%
                                                      			E008E3A84(void* __ecx) {
				void* _t4;
				void* _t8;
				void* _t11;
				void* _t13;
				void* _t14;
				void* _t16;
				void* _t18;
				void* _t23;
				long _t24;
				void* _t27;

				_t13 = __ecx;
				if( *0x901020 != 0xffffffff) {
					_t24 = GetLastError();
					_t11 = E008E4C77(_t13, __eflags,  *0x901020);
					_t14 = _t23;
					__eflags = _t11 - 0xffffffff;
					if(_t11 == 0xffffffff) {
						L5:
						_t11 = 0;
					} else {
						__eflags = _t11;
						if(__eflags == 0) {
							_t4 = E008E4CB2(_t14, __eflags,  *0x901020, 0xffffffff);
							_pop(_t16);
							__eflags = _t4;
							if(_t4 != 0) {
								_push(0x28);
								_t27 = E008E7007(_t16);
								_t18 = 1;
								__eflags = _t27;
								if(__eflags == 0) {
									L8:
									_t11 = 0;
									E008E4CB2(_t18, __eflags,  *0x901020, 0);
								} else {
									_t8 = E008E4CB2(_t18, __eflags,  *0x901020, _t27);
									_pop(_t18);
									__eflags = _t8;
									if(__eflags != 0) {
										_t11 = _t27;
										_t27 = 0;
										__eflags = 0;
									} else {
										goto L8;
									}
								}
								E008E6A1E(_t27);
							} else {
								goto L5;
							}
						}
					}
					SetLastError(_t24);
					return _t11;
				} else {
					return 0;
				}
			}













                                                      0x008e3a84
                                                      0x008e3a8b
                                                      0x008e3a9e
                                                      0x008e3aa5
                                                      0x008e3aa7
                                                      0x008e3aa8
                                                      0x008e3aab
                                                      0x008e3ac4
                                                      0x008e3ac4
                                                      0x008e3aad
                                                      0x008e3aad
                                                      0x008e3aaf
                                                      0x008e3ab9
                                                      0x008e3abf
                                                      0x008e3ac0
                                                      0x008e3ac2
                                                      0x008e3ac9
                                                      0x008e3ad2
                                                      0x008e3ad5
                                                      0x008e3ad6
                                                      0x008e3ad8
                                                      0x008e3aec
                                                      0x008e3aec
                                                      0x008e3af5
                                                      0x008e3ada
                                                      0x008e3ae1
                                                      0x008e3ae7
                                                      0x008e3ae8
                                                      0x008e3aea
                                                      0x008e3afe
                                                      0x008e3b00
                                                      0x008e3b00
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3aea
                                                      0x008e3b03
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3ac2
                                                      0x008e3aaf
                                                      0x008e3b0b
                                                      0x008e3b15
                                                      0x008e3a8d
                                                      0x008e3a8f
                                                      0x008e3a8f

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,008E3A7B,008E3669,008E2DEA), ref: 008E3A92
                                                      • ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 008E3AA0
                                                      • ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008E3AB9
                                                      • SetLastError.KERNEL32(00000000,008E3A7B,008E3669,008E2DEA), ref: 008E3B0B
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ErrorLastValue___vcrt_
                                                      • String ID:
                                                      • API String ID: 3852720340-0
                                                      • Opcode ID: 5feef73e14f8b55165880d94818a1255191af7952b3953cb62a412b1e9c4ffba
                                                      • Instruction ID: 22db00c4096a41621f76c90df63031001884f7efca0b0eb41466460314514105
                                                      • Opcode Fuzzy Hash: 5feef73e14f8b55165880d94818a1255191af7952b3953cb62a412b1e9c4ffba
                                                      • Instruction Fuzzy Hash: 8601B53251DBE16ED725277BBC8D9262AA4FB573B47300239F550D71E1EF214D80A541
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E838C(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t14;
				intOrPtr _t15;
				intOrPtr _t17;
				intOrPtr _t36;
				intOrPtr* _t38;
				intOrPtr _t39;

				_t38 = _a4;
				if(_t38 != 0) {
					__eflags =  *_t38;
					if( *_t38 != 0) {
						_t14 = E008E8E20(_a16, 0, _t38, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t14;
						if(__eflags != 0) {
							_t36 = _a8;
							__eflags = _t14 -  *((intOrPtr*)(_t36 + 0xc));
							if(_t14 <=  *((intOrPtr*)(_t36 + 0xc))) {
								L10:
								_t15 = E008E8E20(_a16, 0, _t38, 0xffffffff,  *((intOrPtr*)(_t36 + 8)),  *((intOrPtr*)(_t36 + 0xc)), 0, 0);
								__eflags = _t15;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t36 + 0x10)) = _t15 - 1;
									_t17 = 0;
									__eflags = 0;
								} else {
									E008E714F(GetLastError());
									_t17 =  *((intOrPtr*)(E008E7185(__eflags)));
								}
								L13:
								L14:
								return _t17;
							}
							_t17 = E008E8453(_t36, _t14);
							__eflags = _t17;
							if(_t17 != 0) {
								goto L13;
							}
							goto L10;
						}
						E008E714F(GetLastError());
						_t17 =  *((intOrPtr*)(E008E7185(__eflags)));
						goto L14;
					}
					_t39 = _a8;
					__eflags =  *((intOrPtr*)(_t39 + 0xc));
					if( *((intOrPtr*)(_t39 + 0xc)) != 0) {
						L5:
						 *((char*)( *((intOrPtr*)(_t39 + 8)))) = 0;
						_t17 = 0;
						 *((intOrPtr*)(_t39 + 0x10)) = 0;
						goto L14;
					}
					_t17 = E008E8453(_t39, 1);
					__eflags = _t17;
					if(_t17 != 0) {
						goto L14;
					}
					goto L5;
				}
				E008E847A(_a8);
				return 0;
			}









                                                      0x008e8392
                                                      0x008e8397
                                                      0x008e83ab
                                                      0x008e83ae
                                                      0x008e83e0
                                                      0x008e83e8
                                                      0x008e83ea
                                                      0x008e8403
                                                      0x008e8406
                                                      0x008e8409
                                                      0x008e8417
                                                      0x008e8426
                                                      0x008e842e
                                                      0x008e8430
                                                      0x008e8449
                                                      0x008e844c
                                                      0x008e844c
                                                      0x008e8432
                                                      0x008e8439
                                                      0x008e8444
                                                      0x008e8444
                                                      0x008e844e
                                                      0x008e844f
                                                      0x00000000
                                                      0x008e844f
                                                      0x008e840e
                                                      0x008e8413
                                                      0x008e8415
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8415
                                                      0x008e83f3
                                                      0x008e83fe
                                                      0x00000000
                                                      0x008e83fe
                                                      0x008e83b0
                                                      0x008e83b3
                                                      0x008e83b6
                                                      0x008e83c9
                                                      0x008e83cc
                                                      0x008e83ce
                                                      0x008e83d0
                                                      0x00000000
                                                      0x008e83d0
                                                      0x008e83bc
                                                      0x008e83c1
                                                      0x008e83c3
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e83c3
                                                      0x008e839c
                                                      0x00000000

                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe, xrefs: 008E8391
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
                                                      • API String ID: 0-318019467
                                                      • Opcode ID: 95f7529ed16149fc0e0700a57adb082a740a1eb32d3a68eb96d4f71465519fe5
                                                      • Instruction ID: 30d043e48c25b48ec20bcb84ce3ab136432bde910464d6dc2db8ab620b476289
                                                      • Opcode Fuzzy Hash: 95f7529ed16149fc0e0700a57adb082a740a1eb32d3a68eb96d4f71465519fe5
                                                      • Instruction Fuzzy Hash: E721507160429AFF9B20AF679C8196F779DFB4236C7148514F92CD6191EF30EC0097A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E4B1E(void* __ecx, signed int* _a4, intOrPtr _a8) {
				WCHAR* _v8;
				signed int _t11;
				WCHAR* _t12;
				struct HINSTANCE__* _t16;
				struct HINSTANCE__* _t18;
				signed int* _t22;
				signed int* _t26;
				struct HINSTANCE__* _t29;
				WCHAR* _t31;
				void* _t32;

				_t26 = _a4;
				while(_t26 != _a8) {
					_t11 =  *_t26;
					_t22 = 0x901d40 + _t11 * 4;
					_t29 =  *_t22;
					if(_t29 == 0) {
						_t12 =  *(0x8efba0 + _t11 * 4);
						_v8 = _t12;
						_t29 = LoadLibraryExW(_t12, 0, 0x800);
						if(_t29 != 0) {
							L13:
							 *_t22 = _t29;
							if( *_t22 != 0) {
								FreeLibrary(_t29);
							}
							L15:
							_t16 = _t29;
							L12:
							return _t16;
						}
						_t18 = GetLastError();
						if(_t18 != 0x57) {
							L8:
							 *_t22 = _t18 | 0xffffffff;
							L9:
							_t26 =  &(_t26[1]);
							continue;
						}
						_t31 = _v8;
						_t18 = E008E7098(_t31, L"api-ms-", 7);
						_t32 = _t32 + 0xc;
						if(_t18 == 0) {
							goto L8;
						}
						_t18 = LoadLibraryExW(_t31, 0, 0);
						_t29 = _t18;
						if(_t29 != 0) {
							goto L13;
						}
						goto L8;
					}
					if(_t29 != 0xffffffff) {
						goto L15;
					}
					goto L9;
				}
				_t16 = 0;
				goto L12;
			}













                                                      0x008e4b25
                                                      0x008e4b99
                                                      0x008e4b2a
                                                      0x008e4b2c
                                                      0x008e4b33
                                                      0x008e4b37
                                                      0x008e4b40
                                                      0x008e4b4f
                                                      0x008e4b58
                                                      0x008e4b5c
                                                      0x008e4ba5
                                                      0x008e4ba7
                                                      0x008e4bab
                                                      0x008e4bae
                                                      0x008e4bae
                                                      0x008e4bb4
                                                      0x008e4bb4
                                                      0x008e4ba0
                                                      0x008e4ba4
                                                      0x008e4ba4
                                                      0x008e4b5e
                                                      0x008e4b67
                                                      0x008e4b91
                                                      0x008e4b94
                                                      0x008e4b96
                                                      0x008e4b96
                                                      0x00000000
                                                      0x008e4b96
                                                      0x008e4b69
                                                      0x008e4b74
                                                      0x008e4b79
                                                      0x008e4b7e
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4b85
                                                      0x008e4b8b
                                                      0x008e4b8f
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4b8f
                                                      0x008e4b3c
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e4b3e
                                                      0x008e4b9e
                                                      0x00000000

                                                      APIs
                                                      • FreeLibrary.KERNEL32(00000000,?,?,?,008E4BDF,?,?,00901CE8,00000000,?,008E4D0A,00000004,InitializeCriticalSectionEx,008EFC94,InitializeCriticalSectionEx,00000000), ref: 008E4BAE
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: FreeLibrary
                                                      • String ID: api-ms-
                                                      • API String ID: 3664257935-2084034818
                                                      • Opcode ID: 770e60513d7704b1e5c8e8e3566d76edc50d109cc01d1860846331b613ce94ab
                                                      • Instruction ID: 4414dfe9fe15d680f991bcb6fd430ec8e2ac66343a5d7182cc161551a9948489
                                                      • Opcode Fuzzy Hash: 770e60513d7704b1e5c8e8e3566d76edc50d109cc01d1860846331b613ce94ab
                                                      • Instruction Fuzzy Hash: 9311C632A016A5ABDF228BAA9C41B593394FF82770F240160FA19EF2C1D770ED0097D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 25%
                                                      			E008E67AF(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				_Unknown_base(*)()* _t8;
				_Unknown_base(*)()* _t14;

				_v8 = _v8 & 0x00000000;
				_t8 =  &_v8;
				__imp__GetModuleHandleExW(0, L"mscoree.dll", _t8, __ecx);
				if(_t8 != 0) {
					_t8 = GetProcAddress(_v8, "CorExitProcess");
					_t14 = _t8;
					if(_t14 != 0) {
						 *0x8ef138(_a4);
						_t8 =  *_t14();
					}
				}
				if(_v8 != 0) {
					return FreeLibrary(_v8);
				}
				return _t8;
			}






                                                      0x008e67b5
                                                      0x008e67b9
                                                      0x008e67c4
                                                      0x008e67cc
                                                      0x008e67d7
                                                      0x008e67dd
                                                      0x008e67e1
                                                      0x008e67e8
                                                      0x008e67ee
                                                      0x008e67ee
                                                      0x008e67f0
                                                      0x008e67f5
                                                      0x00000000
                                                      0x008e67fa
                                                      0x008e6801

                                                      APIs
                                                      • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,008E67A4,008E77E5,?,008E676C,?,?,008E77E5), ref: 008E67C4
                                                      • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 008E67D7
                                                      • FreeLibrary.KERNEL32(00000000,?,?,008E67A4,008E77E5,?,008E676C,?,?,008E77E5), ref: 008E67FA
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: AddressFreeHandleLibraryModuleProc
                                                      • String ID: CorExitProcess$mscoree.dll
                                                      • API String ID: 4061214504-1276376045
                                                      • Opcode ID: c32f21fd972c508176c80e49dac1c91d99ff30fc38d9d32003a2f837087432f6
                                                      • Instruction ID: a946f56f05b806c3c24b9b282843c7685c1bcc2965ec7e9c9dc3a05caa340493
                                                      • Opcode Fuzzy Hash: c32f21fd972c508176c80e49dac1c91d99ff30fc38d9d32003a2f837087432f6
                                                      • Instruction Fuzzy Hash: 17F08C31A01699FBDB129B52DC49B9D7E79FF41796F104070F601E52A2DB748F00DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E953C(intOrPtr* _a4) {
				intOrPtr _t6;
				intOrPtr* _t21;
				void* _t23;
				void* _t24;
				void* _t25;
				void* _t26;
				void* _t27;

				_t21 = _a4;
				if(_t21 != 0) {
					_t23 =  *_t21 -  *0x901648; // 0x901698
					if(_t23 != 0) {
						E008E7B20(_t7);
					}
					_t24 =  *((intOrPtr*)(_t21 + 4)) -  *0x90164c; // 0x902330
					if(_t24 != 0) {
						E008E7B20(_t8);
					}
					_t25 =  *((intOrPtr*)(_t21 + 8)) -  *0x901650; // 0x902330
					if(_t25 != 0) {
						E008E7B20(_t9);
					}
					_t26 =  *((intOrPtr*)(_t21 + 0x30)) -  *0x901678; // 0x90169c
					if(_t26 != 0) {
						E008E7B20(_t10);
					}
					_t6 =  *((intOrPtr*)(_t21 + 0x34));
					_t27 = _t6 -  *0x90167c; // 0x902334
					if(_t27 != 0) {
						return E008E7B20(_t6);
					}
				}
				return _t6;
			}










                                                      0x008e9542
                                                      0x008e9547
                                                      0x008e954b
                                                      0x008e9551
                                                      0x008e9554
                                                      0x008e9559
                                                      0x008e955d
                                                      0x008e9563
                                                      0x008e9566
                                                      0x008e956b
                                                      0x008e956f
                                                      0x008e9575
                                                      0x008e9578
                                                      0x008e957d
                                                      0x008e9581
                                                      0x008e9587
                                                      0x008e958a
                                                      0x008e958f
                                                      0x008e9590
                                                      0x008e9593
                                                      0x008e9599
                                                      0x00000000
                                                      0x008e95a1
                                                      0x008e9599
                                                      0x008e95a4

                                                      APIs
                                                      • _free.LIBCMT ref: 008E9554
                                                        • Part of subcall function 008E7B20: HeapFree.KERNEL32(00000000,00000000,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?), ref: 008E7B36
                                                        • Part of subcall function 008E7B20: GetLastError.KERNEL32(?,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?,?), ref: 008E7B48
                                                      • _free.LIBCMT ref: 008E9566
                                                      • _free.LIBCMT ref: 008E9578
                                                      • _free.LIBCMT ref: 008E958A
                                                      • _free.LIBCMT ref: 008E959C
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: e631d57012147dbcdf7f6ec7581ecca0f862b590282a3ef321da3f85da78fe96
                                                      • Instruction ID: 96e9a3fadea72f410514a83cc4b10289d14e23f55c6df213ecacfe02e1538d37
                                                      • Opcode Fuzzy Hash: e631d57012147dbcdf7f6ec7581ecca0f862b590282a3ef321da3f85da78fe96
                                                      • Instruction Fuzzy Hash: 96F012729192806FC625EB6AF886C1673DDFA467207A81805F085D7511C771FD808B58
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 81%
                                                      			E008E7D10(void* __ebx, void* __edi, void* __esi, signed int* _a4, signed int _a8, intOrPtr _a12) {
				intOrPtr _v0;
				signed int _v6;
				signed int _v8;
				signed int _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr* _v72;
				intOrPtr* _v104;
				intOrPtr* _v108;
				intOrPtr _v112;
				signed int _v124;
				struct _WIN32_FIND_DATAW _v608;
				char _v609;
				intOrPtr* _v616;
				union _FINDEX_INFO_LEVELS _v620;
				union _FINDEX_INFO_LEVELS _v624;
				union _FINDEX_INFO_LEVELS _v628;
				signed int _v632;
				union _FINDEX_INFO_LEVELS _v636;
				union _FINDEX_INFO_LEVELS _v640;
				signed int _v644;
				signed int _v648;
				union _FINDEX_INFO_LEVELS _v652;
				union _FINDEX_INFO_LEVELS _v656;
				union _FINDEX_INFO_LEVELS _v660;
				union _FINDEX_INFO_LEVELS _v664;
				signed int _v668;
				union _FINDEX_INFO_LEVELS _v672;
				union _FINDEX_INFO_LEVELS _v676;
				intOrPtr _v724;
				intOrPtr* _t131;
				signed int _t132;
				signed int _t134;
				signed int _t139;
				signed int _t140;
				intOrPtr* _t150;
				signed int _t152;
				intOrPtr _t153;
				signed int _t157;
				signed int _t159;
				signed int _t164;
				signed int _t166;
				char _t168;
				signed char _t169;
				signed int _t175;
				union _FINDEX_INFO_LEVELS _t179;
				signed int _t185;
				union _FINDEX_INFO_LEVELS _t188;
				intOrPtr* _t196;
				signed int _t199;
				intOrPtr _t205;
				signed int _t207;
				signed int _t210;
				signed int _t212;
				signed int _t213;
				signed int _t214;
				signed int _t216;
				signed int _t218;
				signed int _t219;
				signed int* _t220;
				signed int _t223;
				void* _t226;
				union _FINDEX_INFO_LEVELS _t227;
				intOrPtr _t230;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t237;
				intOrPtr* _t240;
				signed int _t242;
				intOrPtr* _t245;
				signed int _t250;
				signed int _t256;
				signed int _t258;
				signed int _t264;
				intOrPtr* _t265;
				signed int _t273;
				signed int _t275;
				intOrPtr* _t276;
				void* _t278;
				intOrPtr* _t279;
				signed int _t282;
				signed int _t285;
				signed int _t287;
				intOrPtr _t289;
				signed int* _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				void* _t302;
				void* _t303;
				signed int _t305;
				void* _t309;
				signed int _t310;
				void* _t311;
				void* _t312;
				void* _t313;
				signed int _t314;
				void* _t315;
				void* _t316;

				_t131 = _a8;
				_t312 = _t311 - 0x28;
				_t320 = _t131;
				if(_t131 != 0) {
					_t294 = _a4;
					_t223 = 0;
					 *_t131 = 0;
					_t285 = 0;
					_t132 =  *_t294;
					_t233 = 0;
					_v608.cAlternateFileName = 0;
					_v40 = 0;
					_v36 = 0;
					__eflags = _t132;
					if(_t132 == 0) {
						L9:
						_v8 = _t223;
						_t134 = _t233 - _t285;
						_t295 = _t285;
						_v12 = _t295;
						_t272 = (_t134 >> 2) + 1;
						_t136 = _t134 + 3 >> 2;
						__eflags = _t233 - _t295;
						_v16 = (_t134 >> 2) + 1;
						asm("sbb esi, esi");
						_t297 =  !_t295 & _t134 + 0x00000003 >> 0x00000002;
						__eflags = _t297;
						if(_t297 != 0) {
							_t214 = _t285;
							_t282 = _t223;
							do {
								_t265 =  *_t214;
								_t20 = _t265 + 1; // 0x1
								_v20 = _t20;
								do {
									_t216 =  *_t265;
									_t265 = _t265 + 1;
									__eflags = _t216;
								} while (_t216 != 0);
								_t223 = _t223 + 1 + _t265 - _v20;
								_t214 = _v12 + 4;
								_t282 = _t282 + 1;
								_v12 = _t214;
								__eflags = _t282 - _t297;
							} while (_t282 != _t297);
							_t272 = _v16;
							_v8 = _t223;
							_t223 = 0;
							__eflags = 0;
						}
						_t298 = E008E62C2(_t136, _t272, _v8, 1);
						_t313 = _t312 + 0xc;
						__eflags = _t298;
						if(_t298 != 0) {
							_v12 = _t285;
							_t139 = _t298 + _v16 * 4;
							_t234 = _t139;
							_v28 = _t139;
							_t140 = _t285;
							_v16 = _t234;
							__eflags = _t140 - _v40;
							if(_t140 == _v40) {
								L24:
								_v12 = _t223;
								 *_a8 = _t298;
								_t299 = _t223;
								goto L25;
							} else {
								_t275 = _t298 - _t285;
								__eflags = _t275;
								_v32 = _t275;
								do {
									_t150 =  *_t140;
									_t276 = _t150;
									_v24 = _t150;
									_v20 = _t276 + 1;
									do {
										_t152 =  *_t276;
										_t276 = _t276 + 1;
										__eflags = _t152;
									} while (_t152 != 0);
									_t153 = _t276 - _v20 + 1;
									_push(_t153);
									_v20 = _t153;
									_t157 = E008EB2D7(_t234, _v28 - _t234 + _v8, _v24);
									_t313 = _t313 + 0x10;
									__eflags = _t157;
									if(_t157 != 0) {
										_push(_t223);
										_push(_t223);
										_push(_t223);
										_push(_t223);
										_push(_t223);
										E008E5D44();
										asm("int3");
										_t309 = _t313;
										_push(_t234);
										_t240 = _v72;
										_t65 = _t240 + 1; // 0x1
										_t278 = _t65;
										do {
											_t159 =  *_t240;
											_t240 = _t240 + 1;
											__eflags = _t159;
										} while (_t159 != 0);
										_push(_t285);
										_t287 = _a8;
										_t242 = _t240 - _t278 + 1;
										_v12 = _t242;
										__eflags = _t242 -  !_t287;
										if(_t242 <=  !_t287) {
											_push(_t223);
											_push(_t298);
											_t68 = _t287 + 1; // 0x1
											_t226 = _t68 + _t242;
											_t302 = E008E7AC3(_t242, _t226, 1);
											__eflags = _t287;
											if(_t287 == 0) {
												L40:
												_push(_v12);
												_t226 = _t226 - _t287;
												_t164 = E008EB2D7(_t302 + _t287, _t226, _v0);
												_t314 = _t313 + 0x10;
												__eflags = _t164;
												if(_t164 != 0) {
													goto L45;
												} else {
													_t230 = _a12;
													_t207 = E008E82FA(_t230);
													_v12 = _t207;
													__eflags = _t207;
													if(_t207 == 0) {
														 *( *(_t230 + 4)) = _t302;
														_t305 = 0;
														_t77 = _t230 + 4;
														 *_t77 =  *(_t230 + 4) + 4;
														__eflags =  *_t77;
													} else {
														E008E7B20(_t302);
														_t305 = _v12;
													}
													E008E7B20(0);
													_t210 = _t305;
													goto L37;
												}
											} else {
												_push(_t287);
												_t212 = E008EB2D7(_t302, _t226, _a4);
												_t314 = _t313 + 0x10;
												__eflags = _t212;
												if(_t212 != 0) {
													L45:
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													_push(0);
													E008E5D44();
													asm("int3");
													_push(_t309);
													_t310 = _t314;
													_t315 = _t314 - 0x298;
													_t166 =  *0x901004; // 0x112d3ebc
													_v124 = _t166 ^ _t310;
													_t245 = _v108;
													_t279 = _v104;
													_push(_t226);
													_push(0);
													_t289 = _v112;
													_v724 = _t279;
													__eflags = _t245 - _t289;
													if(_t245 != _t289) {
														while(1) {
															_t205 =  *_t245;
															__eflags = _t205 - 0x2f;
															if(_t205 == 0x2f) {
																break;
															}
															__eflags = _t205 - 0x5c;
															if(_t205 != 0x5c) {
																__eflags = _t205 - 0x3a;
																if(_t205 != 0x3a) {
																	_t245 = E008EB330(_t289, _t245);
																	__eflags = _t245 - _t289;
																	if(_t245 != _t289) {
																		continue;
																	}
																}
															}
															break;
														}
														_t279 = _v616;
													}
													_t168 =  *_t245;
													_v609 = _t168;
													__eflags = _t168 - 0x3a;
													if(_t168 != 0x3a) {
														L56:
														_t227 = 0;
														__eflags = _t168 - 0x2f;
														if(__eflags == 0) {
															L59:
															_t169 = 1;
														} else {
															__eflags = _t168 - 0x5c;
															if(__eflags == 0) {
																goto L59;
															} else {
																__eflags = _t168 - 0x3a;
																_t169 = 0;
																if(__eflags == 0) {
																	goto L59;
																}
															}
														}
														_v676 = _t227;
														_v672 = _t227;
														_push(_t302);
														asm("sbb eax, eax");
														_v668 = _t227;
														_v664 = _t227;
														_v644 =  ~(_t169 & 0x000000ff) & _t245 - _t289 + 0x00000001;
														_v660 = _t227;
														_v656 = _t227;
														_t175 = E008E7CF3(_t245 - _t289 + 1, _t289,  &_v676, E008E8207(_t279, __eflags));
														_t316 = _t315 + 0xc;
														asm("sbb eax, eax");
														_t179 = FindFirstFileExW( !( ~_t175) & _v668, _t227,  &_v608, _t227, _t227, _t227);
														_t303 = _t179;
														__eflags = _t303 - 0xffffffff;
														if(_t303 != 0xffffffff) {
															_t250 =  *((intOrPtr*)(_v616 + 4)) -  *_v616;
															__eflags = _t250;
															_v648 = _t250 >> 2;
															do {
																_v640 = _t227;
																_v636 = _t227;
																_v632 = _t227;
																_v628 = _t227;
																_v624 = _t227;
																_v620 = _t227;
																_t185 = E008E7C24( &(_v608.cFileName),  &_v640,  &_v609, E008E8207(_t279, __eflags));
																_t316 = _t316 + 0x10;
																asm("sbb eax, eax");
																_t188 =  !( ~_t185) & _v632;
																__eflags =  *_t188 - 0x2e;
																if( *_t188 != 0x2e) {
																	L67:
																	_push(_v616);
																	_push(_v644);
																	_push(_t289);
																	_push(_t188);
																	L33();
																	_t316 = _t316 + 0x10;
																	_v652 = _t188;
																	__eflags = _t188;
																	if(_t188 != 0) {
																		__eflags = _v620 - _t227;
																		if(_v620 != _t227) {
																			E008E7B20(_v632);
																			_t188 = _v652;
																		}
																		_t227 = _t188;
																	} else {
																		goto L68;
																	}
																} else {
																	_t256 =  *((intOrPtr*)(_t188 + 1));
																	__eflags = _t256;
																	if(_t256 == 0) {
																		goto L68;
																	} else {
																		__eflags = _t256 - 0x2e;
																		if(_t256 != 0x2e) {
																			goto L67;
																		} else {
																			__eflags =  *((intOrPtr*)(_t188 + 2)) - _t227;
																			if( *((intOrPtr*)(_t188 + 2)) == _t227) {
																				goto L68;
																			} else {
																				goto L67;
																			}
																		}
																	}
																}
																L76:
																FindClose(_t303);
																goto L77;
																L68:
																__eflags = _v620 - _t227;
																if(_v620 != _t227) {
																	E008E7B20(_v632);
																}
																__eflags = FindNextFileW(_t303,  &_v608);
															} while (__eflags != 0);
															_t196 = _v616;
															_t258 = _v648;
															_t280 =  *_t196;
															_t199 =  *((intOrPtr*)(_t196 + 4)) -  *_t196 >> 2;
															__eflags = _t258 - _t199;
															if(_t258 != _t199) {
																E008EADE0(_t227, _t289, _t303, _t280 + _t258 * 4, _t199 - _t258, 4, E008E7B5A);
															}
															goto L76;
														} else {
															_push(_v616);
															_push(_t227);
															_push(_t227);
															_push(_t289);
															L33();
															_t227 = _t179;
														}
														L77:
														__eflags = _v656;
														if(_v656 != 0) {
															E008E7B20(_v668);
														}
													} else {
														__eflags = _t245 - _t289 + 1;
														if(_t245 == _t289 + 1) {
															_t168 = _v609;
															goto L56;
														} else {
															_push(_t279);
															_push(0);
															_push(0);
															_push(_t289);
															L33();
														}
													}
													__eflags = _v16 ^ _t310;
													return E008E249D(_v16 ^ _t310);
												} else {
													goto L40;
												}
											}
										} else {
											_t210 = 0xc;
											L37:
											return _t210;
										}
									} else {
										goto L23;
									}
									goto L81;
									L23:
									_t213 = _v12;
									_t264 = _v16;
									 *((intOrPtr*)(_v32 + _t213)) = _t264;
									_t140 = _t213 + 4;
									_t234 = _t264 + _v20;
									_v16 = _t234;
									_v12 = _t140;
									__eflags = _t140 - _v40;
								} while (_t140 != _v40);
								goto L24;
							}
						} else {
							_t299 = _t298 | 0xffffffff;
							_v12 = _t299;
							L25:
							E008E7B20(_t223);
							_pop(_t235);
							goto L26;
						}
					} else {
						while(1) {
							_v8 = 0x3f2a;
							_v6 = _t223;
							_t218 = E008EB2F0(_t132,  &_v8);
							_t235 =  *_t294;
							__eflags = _t218;
							if(_t218 != 0) {
								_push( &(_v608.cAlternateFileName));
								_push(_t218);
								_push(_t235);
								L46();
								_t312 = _t312 + 0xc;
								_v12 = _t218;
								_t299 = _t218;
							} else {
								_t219 =  &(_v608.cAlternateFileName);
								_push(_t219);
								_push(_t223);
								_push(_t223);
								_push(_t235);
								L33();
								_t299 = _t219;
								_t312 = _t312 + 0x10;
								_v12 = _t299;
							}
							__eflags = _t299;
							if(_t299 != 0) {
								break;
							}
							_t294 =  &(_a4[1]);
							_a4 = _t294;
							_t132 =  *_t294;
							__eflags = _t132;
							if(_t132 != 0) {
								continue;
							} else {
								_t285 = _v608.cAlternateFileName;
								_t233 = _v40;
								goto L9;
							}
							goto L81;
						}
						_t285 = _v608.cAlternateFileName;
						L26:
						_t273 = _t285;
						_v32 = _t273;
						__eflags = _v40 - _t273;
						asm("sbb ecx, ecx");
						_t237 =  !_t235 & _v40 - _t273 + 0x00000003 >> 0x00000002;
						__eflags = _t237;
						_v28 = _t237;
						if(_t237 != 0) {
							_t301 = _t237;
							do {
								E008E7B20( *_t285);
								_t223 = _t223 + 1;
								_t285 = _t285 + 4;
								__eflags = _t223 - _t301;
							} while (_t223 != _t301);
							_t285 = _v608.cAlternateFileName;
							_t299 = _v12;
						}
						E008E7B20(_t285);
						goto L31;
					}
				} else {
					_t220 = E008E7185(_t320);
					_t299 = 0x16;
					 *_t220 = _t299;
					E008E5D17();
					L31:
					return _t299;
				}
				L81:
			}














































































































                                                      0x008e7d15
                                                      0x008e7d18
                                                      0x008e7d1c
                                                      0x008e7d1e
                                                      0x008e7d34
                                                      0x008e7d38
                                                      0x008e7d3b
                                                      0x008e7d3d
                                                      0x008e7d3f
                                                      0x008e7d41
                                                      0x008e7d43
                                                      0x008e7d46
                                                      0x008e7d49
                                                      0x008e7d4c
                                                      0x008e7d4e
                                                      0x008e7db1
                                                      0x008e7db3
                                                      0x008e7db6
                                                      0x008e7db8
                                                      0x008e7dbc
                                                      0x008e7dc5
                                                      0x008e7dc6
                                                      0x008e7dc9
                                                      0x008e7dcb
                                                      0x008e7dce
                                                      0x008e7dd2
                                                      0x008e7dd2
                                                      0x008e7dd4
                                                      0x008e7dd6
                                                      0x008e7dd8
                                                      0x008e7dda
                                                      0x008e7dda
                                                      0x008e7ddc
                                                      0x008e7ddf
                                                      0x008e7de2
                                                      0x008e7de2
                                                      0x008e7de4
                                                      0x008e7de5
                                                      0x008e7de5
                                                      0x008e7df0
                                                      0x008e7df2
                                                      0x008e7df5
                                                      0x008e7df6
                                                      0x008e7df9
                                                      0x008e7df9
                                                      0x008e7dfd
                                                      0x008e7e00
                                                      0x008e7e03
                                                      0x008e7e03
                                                      0x008e7e03
                                                      0x008e7e10
                                                      0x008e7e12
                                                      0x008e7e15
                                                      0x008e7e17
                                                      0x008e7e2f
                                                      0x008e7e32
                                                      0x008e7e35
                                                      0x008e7e37
                                                      0x008e7e3a
                                                      0x008e7e3c
                                                      0x008e7e3f
                                                      0x008e7e42
                                                      0x008e7e9f
                                                      0x008e7ea2
                                                      0x008e7ea5
                                                      0x008e7ea7
                                                      0x00000000
                                                      0x008e7e44
                                                      0x008e7e46
                                                      0x008e7e46
                                                      0x008e7e48
                                                      0x008e7e4b
                                                      0x008e7e4b
                                                      0x008e7e4d
                                                      0x008e7e4f
                                                      0x008e7e55
                                                      0x008e7e58
                                                      0x008e7e58
                                                      0x008e7e5a
                                                      0x008e7e5b
                                                      0x008e7e5b
                                                      0x008e7e62
                                                      0x008e7e65
                                                      0x008e7e69
                                                      0x008e7e76
                                                      0x008e7e7b
                                                      0x008e7e7e
                                                      0x008e7e80
                                                      0x008e7ef4
                                                      0x008e7ef5
                                                      0x008e7ef6
                                                      0x008e7ef7
                                                      0x008e7ef8
                                                      0x008e7ef9
                                                      0x008e7efe
                                                      0x008e7f02
                                                      0x008e7f04
                                                      0x008e7f05
                                                      0x008e7f08
                                                      0x008e7f08
                                                      0x008e7f0b
                                                      0x008e7f0b
                                                      0x008e7f0d
                                                      0x008e7f0e
                                                      0x008e7f0e
                                                      0x008e7f12
                                                      0x008e7f13
                                                      0x008e7f1a
                                                      0x008e7f1d
                                                      0x008e7f20
                                                      0x008e7f22
                                                      0x008e7f2a
                                                      0x008e7f2b
                                                      0x008e7f2c
                                                      0x008e7f2f
                                                      0x008e7f39
                                                      0x008e7f3d
                                                      0x008e7f3f
                                                      0x008e7f53
                                                      0x008e7f53
                                                      0x008e7f56
                                                      0x008e7f60
                                                      0x008e7f65
                                                      0x008e7f68
                                                      0x008e7f6a
                                                      0x00000000
                                                      0x008e7f6c
                                                      0x008e7f6c
                                                      0x008e7f71
                                                      0x008e7f78
                                                      0x008e7f7b
                                                      0x008e7f7d
                                                      0x008e7f8e
                                                      0x008e7f90
                                                      0x008e7f92
                                                      0x008e7f92
                                                      0x008e7f92
                                                      0x008e7f7f
                                                      0x008e7f80
                                                      0x008e7f85
                                                      0x008e7f88
                                                      0x008e7f97
                                                      0x008e7f9d
                                                      0x00000000
                                                      0x008e7fa0
                                                      0x008e7f41
                                                      0x008e7f41
                                                      0x008e7f47
                                                      0x008e7f4c
                                                      0x008e7f4f
                                                      0x008e7f51
                                                      0x008e7fa3
                                                      0x008e7fa5
                                                      0x008e7fa6
                                                      0x008e7fa7
                                                      0x008e7fa8
                                                      0x008e7fa9
                                                      0x008e7faa
                                                      0x008e7faf
                                                      0x008e7fb2
                                                      0x008e7fb3
                                                      0x008e7fb5
                                                      0x008e7fbb
                                                      0x008e7fc2
                                                      0x008e7fc5
                                                      0x008e7fc8
                                                      0x008e7fcb
                                                      0x008e7fcc
                                                      0x008e7fcd
                                                      0x008e7fd0
                                                      0x008e7fd6
                                                      0x008e7fd8
                                                      0x008e7fda
                                                      0x008e7fda
                                                      0x008e7fdc
                                                      0x008e7fde
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7fe0
                                                      0x008e7fe2
                                                      0x008e7fe4
                                                      0x008e7fe6
                                                      0x008e7ff1
                                                      0x008e7ff3
                                                      0x008e7ff5
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7ff5
                                                      0x008e7fe6
                                                      0x00000000
                                                      0x008e7fe2
                                                      0x008e7ff7
                                                      0x008e7ff7
                                                      0x008e7ffd
                                                      0x008e7fff
                                                      0x008e8005
                                                      0x008e8007
                                                      0x008e8029
                                                      0x008e8029
                                                      0x008e802b
                                                      0x008e802d
                                                      0x008e8039
                                                      0x008e8039
                                                      0x008e802f
                                                      0x008e802f
                                                      0x008e8031
                                                      0x00000000
                                                      0x008e8033
                                                      0x008e8033
                                                      0x008e8035
                                                      0x008e8037
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8037
                                                      0x008e8031
                                                      0x008e8041
                                                      0x008e8049
                                                      0x008e804f
                                                      0x008e8050
                                                      0x008e8052
                                                      0x008e805a
                                                      0x008e8060
                                                      0x008e8066
                                                      0x008e806c
                                                      0x008e8080
                                                      0x008e8085
                                                      0x008e8090
                                                      0x008e80a0
                                                      0x008e80a6
                                                      0x008e80a8
                                                      0x008e80ab
                                                      0x008e80ce
                                                      0x008e80ce
                                                      0x008e80d3
                                                      0x008e80d9
                                                      0x008e80d9
                                                      0x008e80df
                                                      0x008e80e5
                                                      0x008e80eb
                                                      0x008e80f1
                                                      0x008e80f7
                                                      0x008e8118
                                                      0x008e811d
                                                      0x008e8122
                                                      0x008e8126
                                                      0x008e812c
                                                      0x008e812f
                                                      0x008e8142
                                                      0x008e8142
                                                      0x008e8148
                                                      0x008e814e
                                                      0x008e814f
                                                      0x008e8150
                                                      0x008e8155
                                                      0x008e8158
                                                      0x008e815e
                                                      0x008e8160
                                                      0x008e81be
                                                      0x008e81c4
                                                      0x008e81cc
                                                      0x008e81d1
                                                      0x008e81d7
                                                      0x008e81d8
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8131
                                                      0x008e8131
                                                      0x008e8134
                                                      0x008e8136
                                                      0x00000000
                                                      0x008e8138
                                                      0x008e8138
                                                      0x008e813b
                                                      0x00000000
                                                      0x008e813d
                                                      0x008e813d
                                                      0x008e8140
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e8140
                                                      0x008e813b
                                                      0x008e8136
                                                      0x008e81da
                                                      0x008e81db
                                                      0x00000000
                                                      0x008e8162
                                                      0x008e8162
                                                      0x008e8168
                                                      0x008e8170
                                                      0x008e8175
                                                      0x008e8184
                                                      0x008e8184
                                                      0x008e818c
                                                      0x008e8192
                                                      0x008e8198
                                                      0x008e819f
                                                      0x008e81a2
                                                      0x008e81a4
                                                      0x008e81b4
                                                      0x008e81b9
                                                      0x00000000
                                                      0x008e80ad
                                                      0x008e80ad
                                                      0x008e80b3
                                                      0x008e80b4
                                                      0x008e80b5
                                                      0x008e80b6
                                                      0x008e80be
                                                      0x008e80be
                                                      0x008e81e1
                                                      0x008e81e1
                                                      0x008e81e9
                                                      0x008e81f1
                                                      0x008e81f6
                                                      0x008e8009
                                                      0x008e800c
                                                      0x008e800e
                                                      0x008e8023
                                                      0x00000000
                                                      0x008e8010
                                                      0x008e8010
                                                      0x008e8013
                                                      0x008e8014
                                                      0x008e8015
                                                      0x008e8016
                                                      0x008e801b
                                                      0x008e800e
                                                      0x008e81fd
                                                      0x008e8206
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7f51
                                                      0x008e7f24
                                                      0x008e7f26
                                                      0x008e7f27
                                                      0x008e7f29
                                                      0x008e7f29
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7e82
                                                      0x008e7e82
                                                      0x008e7e88
                                                      0x008e7e8b
                                                      0x008e7e8e
                                                      0x008e7e91
                                                      0x008e7e94
                                                      0x008e7e97
                                                      0x008e7e9a
                                                      0x008e7e9a
                                                      0x00000000
                                                      0x008e7e4b
                                                      0x008e7e19
                                                      0x008e7e19
                                                      0x008e7e1c
                                                      0x008e7ea9
                                                      0x008e7eaa
                                                      0x008e7eaf
                                                      0x00000000
                                                      0x008e7eaf
                                                      0x008e7d50
                                                      0x008e7d50
                                                      0x008e7d53
                                                      0x008e7d5b
                                                      0x008e7d5e
                                                      0x008e7d65
                                                      0x008e7d67
                                                      0x008e7d69
                                                      0x008e7d84
                                                      0x008e7d85
                                                      0x008e7d86
                                                      0x008e7d87
                                                      0x008e7d8c
                                                      0x008e7d8f
                                                      0x008e7d92
                                                      0x008e7d6b
                                                      0x008e7d6b
                                                      0x008e7d6e
                                                      0x008e7d6f
                                                      0x008e7d70
                                                      0x008e7d71
                                                      0x008e7d72
                                                      0x008e7d77
                                                      0x008e7d79
                                                      0x008e7d7c
                                                      0x008e7d7c
                                                      0x008e7d94
                                                      0x008e7d96
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7d9f
                                                      0x008e7da2
                                                      0x008e7da5
                                                      0x008e7da7
                                                      0x008e7da9
                                                      0x00000000
                                                      0x008e7dab
                                                      0x008e7dab
                                                      0x008e7dae
                                                      0x00000000
                                                      0x008e7dae
                                                      0x00000000
                                                      0x008e7da9
                                                      0x008e7e24
                                                      0x008e7eb0
                                                      0x008e7eb3
                                                      0x008e7eb7
                                                      0x008e7ec0
                                                      0x008e7ec3
                                                      0x008e7ec7
                                                      0x008e7ec7
                                                      0x008e7ec9
                                                      0x008e7ecc
                                                      0x008e7ece
                                                      0x008e7ed0
                                                      0x008e7ed2
                                                      0x008e7ed7
                                                      0x008e7ed8
                                                      0x008e7edc
                                                      0x008e7edc
                                                      0x008e7ee0
                                                      0x008e7ee3
                                                      0x008e7ee3
                                                      0x008e7ee7
                                                      0x00000000
                                                      0x008e7eee
                                                      0x008e7d20
                                                      0x008e7d20
                                                      0x008e7d27
                                                      0x008e7d28
                                                      0x008e7d2a
                                                      0x008e7eef
                                                      0x008e7ef3
                                                      0x008e7ef3
                                                      0x00000000

                                                      APIs
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free
                                                      • String ID: *?
                                                      • API String ID: 269201875-2564092906
                                                      • Opcode ID: 690f6541a1321ee38f02b814fe5ba652e95306d8168f7e69d7ee2a7c284e39d5
                                                      • Instruction ID: f4fc331502efdddf726d93ed4a3825a814e54e32c22bad962b1c5b00ea36c86d
                                                      • Opcode Fuzzy Hash: 690f6541a1321ee38f02b814fe5ba652e95306d8168f7e69d7ee2a7c284e39d5
                                                      • Instruction Fuzzy Hash: 28614E75E0425A9FDB14CFAAC8815EEFBF5FF49710B2481A9E905E7300E731AE418B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 66%
                                                      			E008E3B64(void* __ecx, void* __edx, void* __eflags) {
				signed int* _t52;
				signed int _t53;
				intOrPtr _t54;
				signed int _t58;
				signed int _t61;
				intOrPtr _t71;
				signed int _t74;
				signed int _t78;
				signed int _t81;
				signed int _t84;
				signed int _t85;
				signed int _t98;
				signed int* _t99;
				signed char* _t101;
				signed int _t106;
				void* _t110;

				E008E2E60(__edx, 0x9002c0, 0x10);
				_t74 = 0;
				_t52 =  *(_t110 + 0x10);
				_t81 = _t52[1];
				if(_t81 == 0 ||  *((intOrPtr*)(_t81 + 8)) == 0) {
					L30:
					_t53 = 0;
					__eflags = 0;
					goto L31;
				} else {
					_t98 = _t52[2];
					if(_t98 != 0 ||  *_t52 < 0) {
						_t84 =  *_t52;
						_t106 =  *(_t110 + 0xc);
						if(_t84 >= 0) {
							_t106 = _t106 + 0xc + _t98;
						}
						 *(_t110 - 4) = _t74;
						_t101 =  *(_t110 + 0x14);
						if(_t84 >= 0 || ( *_t101 & 0x00000010) == 0) {
							L10:
							_t54 =  *((intOrPtr*)(_t110 + 8));
							__eflags = _t84 & 0x00000008;
							if((_t84 & 0x00000008) == 0) {
								__eflags =  *_t101 & 0x00000001;
								if(( *_t101 & 0x00000001) == 0) {
									_t84 =  *(_t54 + 0x18);
									__eflags = _t101[0x18] - _t74;
									if(_t101[0x18] != _t74) {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t106;
											if(_t106 == 0) {
												goto L32;
											} else {
												__eflags =  *_t101 & 0x00000004;
												_t78 = 0;
												_t74 = (_t78 & 0xffffff00 | ( *_t101 & 0x00000004) != 0x00000000) + 1;
												__eflags = _t74;
												 *(_t110 - 0x20) = _t74;
												goto L29;
											}
										}
									} else {
										__eflags = _t84;
										if(_t84 == 0) {
											goto L32;
										} else {
											__eflags = _t106;
											if(_t106 == 0) {
												goto L32;
											} else {
												E008E4D80(_t106, E008E35E9(_t84,  &(_t101[8])), _t101[0x14]);
												goto L29;
											}
										}
									}
								} else {
									__eflags =  *(_t54 + 0x18);
									if( *(_t54 + 0x18) == 0) {
										goto L32;
									} else {
										__eflags = _t106;
										if(_t106 == 0) {
											goto L32;
										} else {
											E008E4D80(_t106,  *(_t54 + 0x18), _t101[0x14]);
											__eflags = _t101[0x14] - 4;
											if(_t101[0x14] == 4) {
												__eflags =  *_t106;
												if( *_t106 != 0) {
													_push( &(_t101[8]));
													_push( *_t106);
													goto L21;
												}
											}
											goto L29;
										}
									}
								}
							} else {
								_t84 =  *(_t54 + 0x18);
								goto L12;
							}
						} else {
							_t71 =  *0x901cbc; // 0x0
							 *((intOrPtr*)(_t110 - 0x1c)) = _t71;
							if(_t71 == 0) {
								goto L10;
							} else {
								 *0x8ef138();
								_t84 =  *((intOrPtr*)(_t110 - 0x1c))();
								L12:
								if(_t84 == 0 || _t106 == 0) {
									L32:
									E008E6F69(_t74, _t84, _t98, _t101, _t106);
									asm("int3");
									E008E2E60(_t98, 0x9002e0, 8);
									_t99 =  *(_t110 + 0x10);
									_t85 =  *(_t110 + 0xc);
									__eflags =  *_t99;
									if(__eflags >= 0) {
										_t103 = _t85 + 0xc + _t99[2];
										__eflags = _t85 + 0xc + _t99[2];
									} else {
										_t103 = _t85;
									}
									 *(_t110 - 4) =  *(_t110 - 4) & 0x00000000;
									_t107 =  *(_t110 + 0x14);
									_push( *(_t110 + 0x14));
									_push(_t99);
									_push(_t85);
									_t76 =  *((intOrPtr*)(_t110 + 8));
									_push( *((intOrPtr*)(_t110 + 8)));
									_t58 = E008E3B64(_t85, _t99, __eflags) - 1;
									__eflags = _t58;
									if(_t58 == 0) {
										_t61 = E008E4870(_t103, _t107[0x18], E008E35E9( *((intOrPtr*)(_t76 + 0x18)),  &(_t107[8])));
									} else {
										_t61 = _t58 - 1;
										__eflags = _t61;
										if(_t61 == 0) {
											_t61 = E008E4880(_t103, _t107[0x18], E008E35E9( *((intOrPtr*)(_t76 + 0x18)),  &(_t107[8])), 1);
										}
									}
									 *(_t110 - 4) = 0xfffffffe;
									 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0x10));
									return _t61;
								} else {
									 *_t106 = _t84;
									_push( &(_t101[8]));
									_push(_t84);
									L21:
									 *_t106 = E008E35E9();
									L29:
									 *(_t110 - 4) = 0xfffffffe;
									_t53 = _t74;
									L31:
									 *[fs:0x0] =  *((intOrPtr*)(_t110 - 0x10));
									return _t53;
								}
							}
						}
					} else {
						goto L30;
					}
				}
			}



















                                                      0x008e3b6b
                                                      0x008e3b70
                                                      0x008e3b72
                                                      0x008e3b75
                                                      0x008e3b7a
                                                      0x008e3c8a
                                                      0x008e3c8a
                                                      0x008e3c8a
                                                      0x00000000
                                                      0x008e3b89
                                                      0x008e3b89
                                                      0x008e3b8e
                                                      0x008e3b98
                                                      0x008e3b9a
                                                      0x008e3b9f
                                                      0x008e3ba4
                                                      0x008e3ba4
                                                      0x008e3ba6
                                                      0x008e3ba9
                                                      0x008e3bae
                                                      0x008e3bd0
                                                      0x008e3bd0
                                                      0x008e3bd3
                                                      0x008e3bd6
                                                      0x008e3bf4
                                                      0x008e3bf7
                                                      0x008e3c36
                                                      0x008e3c39
                                                      0x008e3c3c
                                                      0x008e3c61
                                                      0x008e3c63
                                                      0x00000000
                                                      0x008e3c65
                                                      0x008e3c65
                                                      0x008e3c67
                                                      0x00000000
                                                      0x008e3c69
                                                      0x008e3c69
                                                      0x008e3c6e
                                                      0x008e3c72
                                                      0x008e3c72
                                                      0x008e3c73
                                                      0x00000000
                                                      0x008e3c73
                                                      0x008e3c67
                                                      0x008e3c3e
                                                      0x008e3c3e
                                                      0x008e3c40
                                                      0x00000000
                                                      0x008e3c42
                                                      0x008e3c42
                                                      0x008e3c44
                                                      0x00000000
                                                      0x008e3c46
                                                      0x008e3c57
                                                      0x00000000
                                                      0x008e3c5c
                                                      0x008e3c44
                                                      0x008e3c40
                                                      0x008e3bf9
                                                      0x008e3bf9
                                                      0x008e3bfd
                                                      0x00000000
                                                      0x008e3c03
                                                      0x008e3c03
                                                      0x008e3c05
                                                      0x00000000
                                                      0x008e3c0b
                                                      0x008e3c12
                                                      0x008e3c1a
                                                      0x008e3c1e
                                                      0x008e3c20
                                                      0x008e3c23
                                                      0x008e3c28
                                                      0x008e3c29
                                                      0x00000000
                                                      0x008e3c29
                                                      0x008e3c23
                                                      0x00000000
                                                      0x008e3c1e
                                                      0x008e3c05
                                                      0x008e3bfd
                                                      0x008e3bd8
                                                      0x008e3bd8
                                                      0x00000000
                                                      0x008e3bd8
                                                      0x008e3bb5
                                                      0x008e3bb5
                                                      0x008e3bba
                                                      0x008e3bbf
                                                      0x00000000
                                                      0x008e3bc1
                                                      0x008e3bc3
                                                      0x008e3bcc
                                                      0x008e3bdb
                                                      0x008e3bdd
                                                      0x008e3c9c
                                                      0x008e3c9c
                                                      0x008e3ca1
                                                      0x008e3ca9
                                                      0x008e3cae
                                                      0x008e3cb1
                                                      0x008e3cb4
                                                      0x008e3cb7
                                                      0x008e3cc0
                                                      0x008e3cc0
                                                      0x008e3cb9
                                                      0x008e3cb9
                                                      0x008e3cb9
                                                      0x008e3cc3
                                                      0x008e3cc7
                                                      0x008e3cca
                                                      0x008e3ccb
                                                      0x008e3ccc
                                                      0x008e3ccd
                                                      0x008e3cd0
                                                      0x008e3cd9
                                                      0x008e3cd9
                                                      0x008e3cdc
                                                      0x008e3d12
                                                      0x008e3cde
                                                      0x008e3cde
                                                      0x008e3cde
                                                      0x008e3ce1
                                                      0x008e3cf8
                                                      0x008e3cf8
                                                      0x008e3ce1
                                                      0x008e3d17
                                                      0x008e3d21
                                                      0x008e3d2d
                                                      0x008e3beb
                                                      0x008e3beb
                                                      0x008e3bf0
                                                      0x008e3bf1
                                                      0x008e3c2b
                                                      0x008e3c32
                                                      0x008e3c76
                                                      0x008e3c76
                                                      0x008e3c7d
                                                      0x008e3c8c
                                                      0x008e3c8f
                                                      0x008e3c9b
                                                      0x008e3c9b
                                                      0x008e3bdd
                                                      0x008e3bbf
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e3b8e

                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: AdjustPointer
                                                      • String ID:
                                                      • API String ID: 1740715915-0
                                                      • Opcode ID: a264a55ce2dd92e12bded0c0a1f262aed4b4b5e3c5fa861120518b4e46b85d9c
                                                      • Instruction ID: c554ddc9c7bad0f9a2a05999d747298a120e6a6be768ca02316b6b5c02cce7b7
                                                      • Opcode Fuzzy Hash: a264a55ce2dd92e12bded0c0a1f262aed4b4b5e3c5fa861120518b4e46b85d9c
                                                      • Instruction Fuzzy Hash: 2751E172604686EFDB298F16D849BBA77A4FF42310F25812DEC06E7291D731EE40C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E7C24(intOrPtr* _a4, intOrPtr _a8, intOrPtr _a16) {
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t29;
				char _t31;
				intOrPtr _t38;
				intOrPtr* _t40;
				intOrPtr _t41;

				_t40 = _a4;
				if(_t40 != 0) {
					_t31 = 0;
					__eflags =  *_t40;
					if( *_t40 != 0) {
						_t16 = E008E8E20(_a16, 0, _t40, 0xffffffff, 0, 0, 0, 0);
						__eflags = _t16;
						if(__eflags != 0) {
							_t38 = _a8;
							__eflags = _t16 -  *((intOrPtr*)(_t38 + 0xc));
							if(__eflags <= 0) {
								L11:
								_t17 = E008E8E20(_a16, _t31, _t40, 0xffffffff,  *((intOrPtr*)(_t38 + 8)),  *((intOrPtr*)(_t38 + 0xc)), _t31, _t31);
								__eflags = _t17;
								if(__eflags != 0) {
									 *((intOrPtr*)(_t38 + 0x10)) = _t17 - 1;
									_t19 = 0;
									__eflags = 0;
								} else {
									E008E714F(GetLastError());
									_t19 =  *((intOrPtr*)(E008E7185(__eflags)));
								}
								L14:
								return _t19;
							}
							_t19 = E008E8260(_t38, __eflags, _t16);
							__eflags = _t19;
							if(_t19 != 0) {
								goto L14;
							}
							goto L11;
						}
						E008E714F(GetLastError());
						return  *((intOrPtr*)(E008E7185(__eflags)));
					}
					_t41 = _a8;
					__eflags =  *((intOrPtr*)(_t41 + 0xc));
					if(__eflags != 0) {
						L6:
						 *((char*)( *((intOrPtr*)(_t41 + 8)))) = _t31;
						L2:
						 *((intOrPtr*)(_t41 + 0x10)) = _t31;
						return 0;
					}
					_t29 = E008E8260(_t41, __eflags, 1);
					__eflags = _t29;
					if(_t29 != 0) {
						return _t29;
					}
					goto L6;
				}
				_t41 = _a8;
				E008E8246(_t41);
				_t31 = 0;
				 *((intOrPtr*)(_t41 + 8)) = 0;
				 *((intOrPtr*)(_t41 + 0xc)) = 0;
				goto L2;
			}











                                                      0x008e7c2b
                                                      0x008e7c30
                                                      0x008e7c4e
                                                      0x008e7c50
                                                      0x008e7c53
                                                      0x008e7c80
                                                      0x008e7c88
                                                      0x008e7c8a
                                                      0x008e7ca3
                                                      0x008e7ca6
                                                      0x008e7ca9
                                                      0x008e7cb7
                                                      0x008e7cc6
                                                      0x008e7cce
                                                      0x008e7cd0
                                                      0x008e7ce9
                                                      0x008e7cec
                                                      0x008e7cec
                                                      0x008e7cd2
                                                      0x008e7cd9
                                                      0x008e7ce4
                                                      0x008e7ce4
                                                      0x008e7cee
                                                      0x00000000
                                                      0x008e7cee
                                                      0x008e7cae
                                                      0x008e7cb3
                                                      0x008e7cb5
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e7cb5
                                                      0x008e7c93
                                                      0x00000000
                                                      0x008e7c9e
                                                      0x008e7c55
                                                      0x008e7c58
                                                      0x008e7c5b
                                                      0x008e7c6e
                                                      0x008e7c71
                                                      0x008e7c44
                                                      0x008e7c44
                                                      0x00000000
                                                      0x008e7c47
                                                      0x008e7c61
                                                      0x008e7c66
                                                      0x008e7c68
                                                      0x008e7cf2
                                                      0x008e7cf2
                                                      0x00000000
                                                      0x008e7c68
                                                      0x008e7c32
                                                      0x008e7c37
                                                      0x008e7c3c
                                                      0x008e7c3e
                                                      0x008e7c41
                                                      0x00000000

                                                      APIs
                                                        • Part of subcall function 008E8246: _free.LIBCMT ref: 008E8254
                                                        • Part of subcall function 008E8E20: WideCharToMultiByte.KERNEL32(?,00000000,008E5A5A,00000000,?,00900538,008EBFF9,?,008E5A5A,?,00000000,?,008EBD68,0000FDE9,00000000,?), ref: 008E8EC2
                                                      • GetLastError.KERNEL32 ref: 008E7C8C
                                                      • __dosmaperr.LIBCMT ref: 008E7C93
                                                      • GetLastError.KERNEL32(?,?,?,?,?,?,?), ref: 008E7CD2
                                                      • __dosmaperr.LIBCMT ref: 008E7CD9
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ErrorLast__dosmaperr$ByteCharMultiWide_free
                                                      • String ID:
                                                      • API String ID: 167067550-0
                                                      • Opcode ID: 81920f9d8b468aa03a12cbe0650ea2dc64b1111e72938a40dc5262ba27502d7a
                                                      • Instruction ID: cfba107a0c2c34990027cbd7cc637836472c4081bdce928e3c5d0817978f33ff
                                                      • Opcode Fuzzy Hash: 81920f9d8b468aa03a12cbe0650ea2dc64b1111e72938a40dc5262ba27502d7a
                                                      • Instruction Fuzzy Hash: 4221C871608689FFAB20AF679C8093B77ADFF063647204518F929D7151EB30DC009761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 73%
                                                      			E008E7729(void* __ecx, void* __edx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t2;
				long _t3;
				intOrPtr _t5;
				long _t6;
				intOrPtr _t9;
				long _t10;
				signed int _t39;
				signed int _t40;
				void* _t43;
				void* _t49;
				signed int _t51;
				signed int _t53;
				signed int _t54;
				long _t56;
				long _t60;
				long _t61;
				void* _t65;

				_t49 = __edx;
				_t43 = __ecx;
				_t60 = GetLastError();
				_t2 =  *0x901058; // 0x6
				_t67 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E008E9E36(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t51 = E008E7AC3(_t43, 1, 0x364);
						_pop(_t43);
						__eflags = _t51;
						if(__eflags != 0) {
							__eflags = E008E9E36(__eflags,  *0x901058, _t51);
							if(__eflags != 0) {
								E008E7557(_t51, 0x901ec4);
								E008E7B20(0);
								_t65 = _t65 + 0xc;
								goto L13;
							} else {
								_t39 = 0;
								E008E9E36(__eflags,  *0x901058, 0);
								_push(_t51);
								goto L9;
							}
						} else {
							_t39 = 0;
							__eflags = 0;
							E008E9E36(0,  *0x901058, 0);
							_push(0);
							L9:
							E008E7B20();
							_pop(_t43);
							goto L4;
						}
					}
				} else {
					_t51 = E008E9DF7(_t67, _t2);
					if(_t51 == 0) {
						_t2 =  *0x901058; // 0x6
						goto L6;
					} else {
						if(_t51 != 0xffffffff) {
							L13:
							_t39 = _t51;
						} else {
							L3:
							_t39 = 0;
							L4:
							_t51 = _t39;
						}
					}
				}
				SetLastError(_t60);
				asm("sbb edi, edi");
				_t53 =  ~_t51 & _t39;
				if(_t53 == 0) {
					E008E6F69(_t39, _t43, _t49, _t53, _t60);
					asm("int3");
					_t5 =  *0x901058; // 0x6
					_push(_t60);
					__eflags = _t5 - 0xffffffff;
					if(__eflags == 0) {
						L22:
						_t6 = E008E9E36(__eflags, _t5, 0xffffffff);
						__eflags = _t6;
						if(_t6 == 0) {
							goto L31;
						} else {
							_t60 = E008E7AC3(_t43, 1, 0x364);
							_pop(_t43);
							__eflags = _t60;
							if(__eflags != 0) {
								__eflags = E008E9E36(__eflags,  *0x901058, _t60);
								if(__eflags != 0) {
									E008E7557(_t60, 0x901ec4);
									E008E7B20(0);
									_t65 = _t65 + 0xc;
									goto L29;
								} else {
									E008E9E36(__eflags,  *0x901058, _t21);
									_push(_t60);
									goto L25;
								}
							} else {
								E008E9E36(__eflags,  *0x901058, _t20);
								_push(_t60);
								L25:
								E008E7B20();
								_pop(_t43);
								goto L31;
							}
						}
					} else {
						_t60 = E008E9DF7(__eflags, _t5);
						__eflags = _t60;
						if(__eflags == 0) {
							_t5 =  *0x901058; // 0x6
							goto L22;
						} else {
							__eflags = _t60 - 0xffffffff;
							if(_t60 == 0xffffffff) {
								L31:
								E008E6F69(_t39, _t43, _t49, _t53, _t60);
								asm("int3");
								_push(_t39);
								_push(_t60);
								_push(_t53);
								_t61 = GetLastError();
								_t9 =  *0x901058; // 0x6
								__eflags = _t9 - 0xffffffff;
								if(__eflags == 0) {
									L38:
									_t10 = E008E9E36(__eflags, _t9, 0xffffffff);
									__eflags = _t10;
									if(_t10 == 0) {
										goto L35;
									} else {
										_t54 = E008E7AC3(_t43, 1, 0x364);
										__eflags = _t54;
										if(__eflags != 0) {
											__eflags = E008E9E36(__eflags,  *0x901058, _t54);
											if(__eflags != 0) {
												E008E7557(_t54, 0x901ec4);
												E008E7B20(0);
												goto L45;
											} else {
												_t40 = 0;
												E008E9E36(__eflags,  *0x901058, 0);
												_push(_t54);
												goto L41;
											}
										} else {
											_t40 = 0;
											__eflags = 0;
											E008E9E36(0,  *0x901058, 0);
											_push(0);
											L41:
											E008E7B20();
											goto L36;
										}
									}
								} else {
									_t54 = E008E9DF7(__eflags, _t9);
									__eflags = _t54;
									if(__eflags == 0) {
										_t9 =  *0x901058; // 0x6
										goto L38;
									} else {
										__eflags = _t54 - 0xffffffff;
										if(_t54 != 0xffffffff) {
											L45:
											_t40 = _t54;
										} else {
											L35:
											_t40 = 0;
											__eflags = 0;
											L36:
											_t54 = _t40;
										}
									}
								}
								SetLastError(_t61);
								asm("sbb edi, edi");
								_t56 =  ~_t54 & _t40;
								__eflags = _t56;
								return _t56;
							} else {
								L29:
								__eflags = _t60;
								if(_t60 == 0) {
									goto L31;
								} else {
									return _t60;
								}
							}
						}
					}
				} else {
					return _t53;
				}
			}























                                                      0x008e7729
                                                      0x008e7729
                                                      0x008e7734
                                                      0x008e7736
                                                      0x008e773b
                                                      0x008e773e
                                                      0x008e775c
                                                      0x008e775f
                                                      0x008e7764
                                                      0x008e7766
                                                      0x00000000
                                                      0x008e7768
                                                      0x008e7774
                                                      0x008e7777
                                                      0x008e7778
                                                      0x008e777a
                                                      0x008e779f
                                                      0x008e77a1
                                                      0x008e77ba
                                                      0x008e77c1
                                                      0x008e77c6
                                                      0x00000000
                                                      0x008e77a3
                                                      0x008e77a3
                                                      0x008e77ac
                                                      0x008e77b1
                                                      0x00000000
                                                      0x008e77b1
                                                      0x008e777c
                                                      0x008e777c
                                                      0x008e777c
                                                      0x008e7785
                                                      0x008e778a
                                                      0x008e778b
                                                      0x008e778b
                                                      0x008e7790
                                                      0x00000000
                                                      0x008e7790
                                                      0x008e777a
                                                      0x008e7740
                                                      0x008e7746
                                                      0x008e774a
                                                      0x008e7757
                                                      0x00000000
                                                      0x008e774c
                                                      0x008e774f
                                                      0x008e77c9
                                                      0x008e77c9
                                                      0x008e7751
                                                      0x008e7751
                                                      0x008e7751
                                                      0x008e7753
                                                      0x008e7753
                                                      0x008e7753
                                                      0x008e774f
                                                      0x008e774a
                                                      0x008e77cc
                                                      0x008e77d4
                                                      0x008e77d6
                                                      0x008e77d8
                                                      0x008e77e0
                                                      0x008e77e5
                                                      0x008e77e6
                                                      0x008e77eb
                                                      0x008e77ec
                                                      0x008e77ef
                                                      0x008e7809
                                                      0x008e780c
                                                      0x008e7811
                                                      0x008e7813
                                                      0x00000000
                                                      0x008e7815
                                                      0x008e7821
                                                      0x008e7824
                                                      0x008e7825
                                                      0x008e7827
                                                      0x008e784a
                                                      0x008e784c
                                                      0x008e7863
                                                      0x008e786a
                                                      0x008e786f
                                                      0x00000000
                                                      0x008e784e
                                                      0x008e7855
                                                      0x008e785a
                                                      0x00000000
                                                      0x008e785a
                                                      0x008e7829
                                                      0x008e7830
                                                      0x008e7835
                                                      0x008e7836
                                                      0x008e7836
                                                      0x008e783b
                                                      0x00000000
                                                      0x008e783b
                                                      0x008e7827
                                                      0x008e77f1
                                                      0x008e77f7
                                                      0x008e77f9
                                                      0x008e77fb
                                                      0x008e7804
                                                      0x00000000
                                                      0x008e77fd
                                                      0x008e77fd
                                                      0x008e7800
                                                      0x008e787a
                                                      0x008e787a
                                                      0x008e787f
                                                      0x008e7882
                                                      0x008e7883
                                                      0x008e7884
                                                      0x008e788b
                                                      0x008e788d
                                                      0x008e7892
                                                      0x008e7895
                                                      0x008e78b3
                                                      0x008e78b6
                                                      0x008e78bb
                                                      0x008e78bd
                                                      0x00000000
                                                      0x008e78bf
                                                      0x008e78cb
                                                      0x008e78cf
                                                      0x008e78d1
                                                      0x008e78f6
                                                      0x008e78f8
                                                      0x008e7911
                                                      0x008e7918
                                                      0x00000000
                                                      0x008e78fa
                                                      0x008e78fa
                                                      0x008e7903
                                                      0x008e7908
                                                      0x00000000
                                                      0x008e7908
                                                      0x008e78d3
                                                      0x008e78d3
                                                      0x008e78d3
                                                      0x008e78dc
                                                      0x008e78e1
                                                      0x008e78e2
                                                      0x008e78e2
                                                      0x00000000
                                                      0x008e78e7
                                                      0x008e78d1
                                                      0x008e7897
                                                      0x008e789d
                                                      0x008e789f
                                                      0x008e78a1
                                                      0x008e78ae
                                                      0x00000000
                                                      0x008e78a3
                                                      0x008e78a3
                                                      0x008e78a6
                                                      0x008e7920
                                                      0x008e7920
                                                      0x008e78a8
                                                      0x008e78a8
                                                      0x008e78a8
                                                      0x008e78a8
                                                      0x008e78aa
                                                      0x008e78aa
                                                      0x008e78aa
                                                      0x008e78a6
                                                      0x008e78a1
                                                      0x008e7923
                                                      0x008e792b
                                                      0x008e792d
                                                      0x008e792d
                                                      0x008e7934
                                                      0x008e7802
                                                      0x008e7872
                                                      0x008e7872
                                                      0x008e7874
                                                      0x00000000
                                                      0x008e7876
                                                      0x008e7879
                                                      0x008e7879
                                                      0x008e7874
                                                      0x008e7800
                                                      0x008e77fb
                                                      0x008e77da
                                                      0x008e77df
                                                      0x008e77df

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,008E59F4,?,?,008E1D19,?,008E5A5A,?,?,?,?,008E5B53,008E1D19,00000000), ref: 008E772E
                                                      • _free.LIBCMT ref: 008E778B
                                                      • _free.LIBCMT ref: 008E77C1
                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,008E5A5A,?,?,?,?,008E5B53,008E1D19,00000000,?,008E1D19,?), ref: 008E77CC
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: 13b6ed09a281aad764d14d4f9aae8a3f58906778a6a0f9b91c3d9ff412cfb067
                                                      • Instruction ID: 929e25663d71b2209a1f4290657c144c11f0714a84c5897806998b23169aeca4
                                                      • Opcode Fuzzy Hash: 13b6ed09a281aad764d14d4f9aae8a3f58906778a6a0f9b91c3d9ff412cfb067
                                                      • Instruction Fuzzy Hash: 6611863260C5C17ED721677FACC6D2B275AFBC3778B240635F668C61E2DEA18C455212
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 85%
                                                      			E008E7880(void* __ecx) {
				intOrPtr _t2;
				signed int _t3;
				signed int _t13;
				void* _t14;
				signed int _t18;
				long _t21;

				_t14 = __ecx;
				_t21 = GetLastError();
				_t2 =  *0x901058; // 0x6
				_t24 = _t2 - 0xffffffff;
				if(_t2 == 0xffffffff) {
					L6:
					_t3 = E008E9E36(__eflags, _t2, 0xffffffff);
					__eflags = _t3;
					if(_t3 == 0) {
						goto L3;
					} else {
						_t18 = E008E7AC3(_t14, 1, 0x364);
						__eflags = _t18;
						if(__eflags != 0) {
							__eflags = E008E9E36(__eflags,  *0x901058, _t18);
							if(__eflags != 0) {
								E008E7557(_t18, 0x901ec4);
								E008E7B20(0);
								goto L13;
							} else {
								_t13 = 0;
								E008E9E36(__eflags,  *0x901058, 0);
								_push(_t18);
								goto L9;
							}
						} else {
							_t13 = 0;
							__eflags = 0;
							E008E9E36(0,  *0x901058, 0);
							_push(0);
							L9:
							E008E7B20();
							goto L4;
						}
					}
				} else {
					_t18 = E008E9DF7(_t24, _t2);
					if(_t18 == 0) {
						_t2 =  *0x901058; // 0x6
						goto L6;
					} else {
						if(_t18 != 0xffffffff) {
							L13:
							_t13 = _t18;
						} else {
							L3:
							_t13 = 0;
							L4:
							_t18 = _t13;
						}
					}
				}
				SetLastError(_t21);
				asm("sbb edi, edi");
				return  ~_t18 & _t13;
			}









                                                      0x008e7880
                                                      0x008e788b
                                                      0x008e788d
                                                      0x008e7892
                                                      0x008e7895
                                                      0x008e78b3
                                                      0x008e78b6
                                                      0x008e78bb
                                                      0x008e78bd
                                                      0x00000000
                                                      0x008e78bf
                                                      0x008e78cb
                                                      0x008e78cf
                                                      0x008e78d1
                                                      0x008e78f6
                                                      0x008e78f8
                                                      0x008e7911
                                                      0x008e7918
                                                      0x00000000
                                                      0x008e78fa
                                                      0x008e78fa
                                                      0x008e7903
                                                      0x008e7908
                                                      0x00000000
                                                      0x008e7908
                                                      0x008e78d3
                                                      0x008e78d3
                                                      0x008e78d3
                                                      0x008e78dc
                                                      0x008e78e1
                                                      0x008e78e2
                                                      0x008e78e2
                                                      0x00000000
                                                      0x008e78e7
                                                      0x008e78d1
                                                      0x008e7897
                                                      0x008e789d
                                                      0x008e78a1
                                                      0x008e78ae
                                                      0x00000000
                                                      0x008e78a3
                                                      0x008e78a6
                                                      0x008e7920
                                                      0x008e7920
                                                      0x008e78a8
                                                      0x008e78a8
                                                      0x008e78a8
                                                      0x008e78aa
                                                      0x008e78aa
                                                      0x008e78aa
                                                      0x008e78a6
                                                      0x008e78a1
                                                      0x008e7923
                                                      0x008e792b
                                                      0x008e7934

                                                      APIs
                                                      • GetLastError.KERNEL32(?,?,?,008E718A,008E7AB8,?,?,008E3465,?,?,?,?,?,008E1023,?,?), ref: 008E7885
                                                      • _free.LIBCMT ref: 008E78E2
                                                      • _free.LIBCMT ref: 008E7918
                                                      • SetLastError.KERNEL32(00000000,00000006,000000FF,?,?,008E3465,?,?,?,?,?,008E1023,?,?), ref: 008E7923
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ErrorLast_free
                                                      • String ID:
                                                      • API String ID: 2283115069-0
                                                      • Opcode ID: cb89fc529bf13031a339792e3b85787a85327a237f0ec658d57871bd9ec825e2
                                                      • Instruction ID: d93b05eedb038b8b0804a188f7a1daafe3a62a3a68568345d09076fe9846c2a6
                                                      • Opcode Fuzzy Hash: cb89fc529bf13031a339792e3b85787a85327a237f0ec658d57871bd9ec825e2
                                                      • Instruction Fuzzy Hash: C011E93220C5D16ED721777FAC86D2B275AFBD3775B240235FA58C21D2DBA08C459121
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008ECAF6(void* _a4, long _a8, DWORD* _a12) {
				void* _t13;

				_t13 = WriteConsoleW( *0x901860, _a4, _a8, _a12, 0);
				if(_t13 == 0 && GetLastError() == 6) {
					E008ECADF();
					E008ECAA1();
					_t13 = WriteConsoleW( *0x901860, _a4, _a8, _a12, _t13);
				}
				return _t13;
			}




                                                      0x008ecb13
                                                      0x008ecb17
                                                      0x008ecb24
                                                      0x008ecb29
                                                      0x008ecb44
                                                      0x008ecb44
                                                      0x008ecb4a

                                                      APIs
                                                      • WriteConsoleW.KERNEL32(?,00000008,008E5A5A,00000000,?,?,008EC556,?,00000001,?,?,?,008EBA3E,00000000,00000016,?), ref: 008ECB0D
                                                      • GetLastError.KERNEL32(?,008EC556,?,00000001,?,?,?,008EBA3E,00000000,00000016,?,00000000,?,?,008EBF92,00900538), ref: 008ECB19
                                                        • Part of subcall function 008ECADF: CloseHandle.KERNEL32(FFFFFFFE,008ECB29,?,008EC556,?,00000001,?,?,?,008EBA3E,00000000,00000016,?,00000000,?), ref: 008ECAEF
                                                      • ___initconout.LIBCMT ref: 008ECB29
                                                        • Part of subcall function 008ECAA1: CreateFileW.KERNEL32(CONOUT$,40000000,00000003,00000000,00000003,00000000,00000000,008ECAD0,008EC543,?,?,008EBA3E,00000000,00000016,?,00000000), ref: 008ECAB4
                                                      • WriteConsoleW.KERNEL32(?,00000008,008E5A5A,00000000,?,008EC556,?,00000001,?,?,?,008EBA3E,00000000,00000016,?,00000000), ref: 008ECB3E
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: ConsoleWrite$CloseCreateErrorFileHandleLast___initconout
                                                      • String ID:
                                                      • API String ID: 2744216297-0
                                                      • Opcode ID: 662edb722ee5dff60af38cfbfb08ce6f103fdb2141e8c3e143f5db1ef7b053a8
                                                      • Instruction ID: e2b1a8ea611e49df0e389958a16fecb1c79162a2014d755c76d0ec995eb1323a
                                                      • Opcode Fuzzy Hash: 662edb722ee5dff60af38cfbfb08ce6f103fdb2141e8c3e143f5db1ef7b053a8
                                                      • Instruction Fuzzy Hash: 5FF01C365001A8FBCF226F96EC4598A7F66FB497B0B008020FE18D5121D732C921EBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 100%
                                                      			E008E6E0E() {

				E008E7B20( *0x902354);
				 *0x902354 = 0;
				E008E7B20( *0x902358);
				 *0x902358 = 0;
				E008E7B20( *0x902038);
				 *0x902038 = 0;
				E008E7B20( *0x90203c);
				 *0x90203c = 0;
				return 1;
			}



                                                      0x008e6e17
                                                      0x008e6e24
                                                      0x008e6e2a
                                                      0x008e6e35
                                                      0x008e6e3b
                                                      0x008e6e46
                                                      0x008e6e4c
                                                      0x008e6e54
                                                      0x008e6e5d

                                                      APIs
                                                      • _free.LIBCMT ref: 008E6E17
                                                        • Part of subcall function 008E7B20: HeapFree.KERNEL32(00000000,00000000,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?), ref: 008E7B36
                                                        • Part of subcall function 008E7B20: GetLastError.KERNEL32(?,?,008E95CF,?,00000000,?,?,?,008E95F6,?,00000007,?,?,008E99FC,?,?), ref: 008E7B48
                                                      • _free.LIBCMT ref: 008E6E2A
                                                      • _free.LIBCMT ref: 008E6E3B
                                                      • _free.LIBCMT ref: 008E6E4C
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: _free$ErrorFreeHeapLast
                                                      • String ID:
                                                      • API String ID: 776569668-0
                                                      • Opcode ID: 0258806ffa197217b99ab7e93fc1b44a00353d62183ee31e88a50b5b1b38ec57
                                                      • Instruction ID: d04f4b589211b56f20f92a6e7befb89ecf1f249c60b333433fbf49d10f3339ca
                                                      • Opcode Fuzzy Hash: 0258806ffa197217b99ab7e93fc1b44a00353d62183ee31e88a50b5b1b38ec57
                                                      • Instruction Fuzzy Hash: 2EE0467082E2F09EC60A2F1ABC498193B39F789B60364000AF408E2231C6390092FB86
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 90%
                                                      			E008E6015(void* __edx, intOrPtr _a4) {
				signed int _v8;
				void* _v12;
				char _v16;
				char* _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char* _t26;
				intOrPtr* _t36;
				signed int _t37;
				signed int _t40;
				char _t42;
				signed int _t43;
				intOrPtr* _t44;
				intOrPtr* _t45;
				intOrPtr _t48;
				signed int _t49;
				signed int _t54;
				void* _t57;
				intOrPtr* _t58;
				void* _t59;
				signed int _t64;
				signed int _t66;

				_t57 = __edx;
				_t48 = _a4;
				if(_t48 != 0) {
					__eflags = _t48 - 2;
					if(_t48 == 2) {
						L5:
						_push(_t59);
						E008E8A4D(_t48, _t59);
						E008E848E(_t57, 0, 0x901d78, 0x104);
						_t26 =  *0x902040; // 0x10734c8
						 *0x902030 = 0x901d78;
						_v20 = _t26;
						__eflags = _t26;
						if(_t26 == 0) {
							L7:
							_t26 = 0x901d78;
							_v20 = 0x901d78;
							L8:
							_v8 = 0;
							_v16 = 0;
							_t64 = E008E62C2(E008E614B( &_v8, _t26, 0, 0,  &_v8,  &_v16), _v8, _v16, 1);
							__eflags = _t64;
							if(__eflags != 0) {
								E008E614B( &_v8, _v20, _t64, _t64 + _v8 * 4,  &_v8,  &_v16);
								__eflags = _t48 - 1;
								if(_t48 != 1) {
									_v12 = 0;
									_push( &_v12);
									_t49 = E008E8381(_t48, 0, _t64, _t64);
									__eflags = _t49;
									if(_t49 == 0) {
										_t58 = _v12;
										_t54 = 0;
										_t36 = _t58;
										__eflags =  *_t58;
										if( *_t58 == 0) {
											L17:
											_t37 = 0;
											 *0x902034 = _t54;
											_v12 = 0;
											_t49 = 0;
											 *0x902038 = _t58;
											L18:
											E008E7B20(_t37);
											_v12 = 0;
											L19:
											E008E7B20(_t64);
											_t40 = _t49;
											L20:
											return _t40;
										} else {
											goto L16;
										}
										do {
											L16:
											_t36 = _t36 + 4;
											_t54 = _t54 + 1;
											__eflags =  *_t36;
										} while ( *_t36 != 0);
										goto L17;
									}
									_t37 = _v12;
									goto L18;
								}
								_t42 = _v8 - 1;
								__eflags = _t42;
								 *0x902034 = _t42;
								_t43 = _t64;
								_t64 = 0;
								 *0x902038 = _t43;
								L12:
								_t49 = 0;
								goto L19;
							}
							_t44 = E008E7185(__eflags);
							_push(0xc);
							_pop(0);
							 *_t44 = 0;
							goto L12;
						}
						__eflags =  *_t26;
						if( *_t26 != 0) {
							goto L8;
						}
						goto L7;
					}
					__eflags = _t48 - 1;
					if(__eflags == 0) {
						goto L5;
					}
					_t45 = E008E7185(__eflags);
					_t66 = 0x16;
					 *_t45 = _t66;
					E008E5D17();
					_t40 = _t66;
					goto L20;
				}
				return 0;
			}



























                                                      0x008e6015
                                                      0x008e601e
                                                      0x008e6023
                                                      0x008e602d
                                                      0x008e6030
                                                      0x008e604d
                                                      0x008e604d
                                                      0x008e604e
                                                      0x008e6061
                                                      0x008e6066
                                                      0x008e606e
                                                      0x008e6074
                                                      0x008e6077
                                                      0x008e6079
                                                      0x008e6080
                                                      0x008e6080
                                                      0x008e6082
                                                      0x008e6085
                                                      0x008e6088
                                                      0x008e608f
                                                      0x008e60a8
                                                      0x008e60ad
                                                      0x008e60af
                                                      0x008e60d0
                                                      0x008e60d8
                                                      0x008e60db
                                                      0x008e60f6
                                                      0x008e60f9
                                                      0x008e6100
                                                      0x008e6104
                                                      0x008e6106
                                                      0x008e610d
                                                      0x008e6110
                                                      0x008e6112
                                                      0x008e6114
                                                      0x008e6116
                                                      0x008e6120
                                                      0x008e6120
                                                      0x008e6122
                                                      0x008e6128
                                                      0x008e612b
                                                      0x008e612d
                                                      0x008e6133
                                                      0x008e6134
                                                      0x008e613a
                                                      0x008e613d
                                                      0x008e613e
                                                      0x008e6144
                                                      0x008e6147
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e6118
                                                      0x008e6118
                                                      0x008e6118
                                                      0x008e611b
                                                      0x008e611c
                                                      0x008e611c
                                                      0x00000000
                                                      0x008e6118
                                                      0x008e6108
                                                      0x00000000
                                                      0x008e6108
                                                      0x008e60e0
                                                      0x008e60e0
                                                      0x008e60e1
                                                      0x008e60e6
                                                      0x008e60e8
                                                      0x008e60ea
                                                      0x008e60ef
                                                      0x008e60ef
                                                      0x00000000
                                                      0x008e60ef
                                                      0x008e60b1
                                                      0x008e60b6
                                                      0x008e60b8
                                                      0x008e60b9
                                                      0x00000000
                                                      0x008e60b9
                                                      0x008e607b
                                                      0x008e607e
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e607e
                                                      0x008e6032
                                                      0x008e6035
                                                      0x00000000
                                                      0x00000000
                                                      0x008e6037
                                                      0x008e603e
                                                      0x008e603f
                                                      0x008e6041
                                                      0x008e6046
                                                      0x00000000
                                                      0x008e6046
                                                      0x00000000

                                                      Strings
                                                      • C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe, xrefs: 008E6058, 008E6095
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID:
                                                      • String ID: C:\Users\user\AppData\Local\Temp\IXP000.TMP\StartupInstaller.exe
                                                      • API String ID: 0-318019467
                                                      • Opcode ID: abc67f99ab4fefc0e28b47cfd89fc5e7c1e66efeb94c76aaf264eabc35b42ff7
                                                      • Instruction ID: dc5b224d35f4eb7751f90a6078d3f3661235d959530b1504ae42154933e7568c
                                                      • Opcode Fuzzy Hash: abc67f99ab4fefc0e28b47cfd89fc5e7c1e66efeb94c76aaf264eabc35b42ff7
                                                      • Instruction Fuzzy Hash: 3C419371E04694EFDB26DF9E8C859AEBBB8FF96390F100066F404E7251E6708A50DB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Download Yara Rule
                                                      C-Code - Quality: 57%
                                                      			E008E4171(void* __ecx, void* __edx, signed char* _a4, signed char* _a8, intOrPtr _a12, intOrPtr _a16, char _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				signed int _v8;
				signed int _v12;
				intOrPtr* _v16;
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				signed int _v36;
				void* _v40;
				intOrPtr _v44;
				signed int _v48;
				intOrPtr _v56;
				void _v60;
				signed char* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t74;
				void* _t75;
				char _t76;
				signed char _t78;
				signed int _t80;
				signed char* _t81;
				signed int _t82;
				signed int _t83;
				intOrPtr* _t87;
				void* _t90;
				signed char* _t93;
				intOrPtr* _t96;
				signed char _t97;
				intOrPtr _t98;
				intOrPtr _t99;
				intOrPtr* _t101;
				signed int _t102;
				signed int _t103;
				signed char _t108;
				signed char* _t111;
				signed int _t112;
				void* _t113;
				signed char* _t116;
				void* _t121;
				signed int _t123;
				void* _t130;
				void* _t131;

				_t110 = __edx;
				_t100 = __ecx;
				_t96 = _a4;
				if( *_t96 == 0x80000003) {
					return _t74;
				} else {
					_push(_t121);
					_push(_t113);
					_t75 = E008E3A76(_t96, __ecx, __edx, _t113, _t121);
					if( *((intOrPtr*)(_t75 + 8)) != 0) {
						__imp__EncodePointer(0);
						_t121 = _t75;
						if( *((intOrPtr*)(E008E3A76(_t96, __ecx, __edx, 0, _t121) + 8)) != _t121 &&  *_t96 != 0xe0434f4d &&  *_t96 != 0xe0434352) {
							_t87 = E008E3162(_t96, _a8, _a12, _a16, _a20, _a28, _a32);
							_t130 = _t130 + 0x1c;
							if(_t87 != 0) {
								L16:
								return _t87;
							}
						}
					}
					_t76 = _a20;
					_v24 = _t76;
					_v20 = 0;
					if( *((intOrPtr*)(_t76 + 0xc)) > 0) {
						_push(_a28);
						E008E3094(_t96, _t100, 0, _t121,  &_v40,  &_v24, _a24, _a16, _t76);
						_t112 = _v36;
						_t131 = _t130 + 0x18;
						_t87 = _v40;
						_v16 = _t87;
						_v8 = _t112;
						if(_t112 < _v28) {
							_t102 = _t112 * 0x14;
							_v12 = _t102;
							do {
								_t103 = 5;
								_t90 = memcpy( &_v60,  *((intOrPtr*)( *_t87 + 0x10)) + _t102, _t103 << 2);
								_t131 = _t131 + 0xc;
								if(_v60 <= _t90 && _t90 <= _v56) {
									_t93 = _v44 + 0xfffffff0 + (_v48 << 4);
									_t108 = _t93[4];
									if(_t108 == 0 ||  *((char*)(_t108 + 8)) == 0) {
										if(( *_t93 & 0x00000040) == 0) {
											_push(0);
											_push(1);
											E008E3D3B(_t112, _t96, _a8, _a12, _a16, _a20, _t93, 0,  &_v60, _a28, _a32);
											_t112 = _v8;
											_t131 = _t131 + 0x30;
										}
									}
								}
								_t112 = _t112 + 1;
								_t87 = _v16;
								_t102 = _v12 + 0x14;
								_v8 = _t112;
								_v12 = _t102;
							} while (_t112 < _v28);
						}
						goto L16;
					}
					E008E6F69(_t96, _t100, _t110, 0, _t121);
					asm("int3");
					_t111 = _v68;
					_push(_t96);
					_push(_t121);
					_push(0);
					_t78 = _t111[4];
					if(_t78 == 0) {
						L41:
						_t80 = 1;
					} else {
						_t101 = _t78 + 8;
						if( *_t101 == 0) {
							goto L41;
						} else {
							_t116 = _a4;
							if(( *_t111 & 0x00000080) == 0 || ( *_t116 & 0x00000010) == 0) {
								_t97 = _t116[4];
								_t123 = 0;
								if(_t78 == _t97) {
									L33:
									if(( *_t116 & 0x00000002) == 0 || ( *_t111 & 0x00000008) != 0) {
										_t81 = _a8;
										if(( *_t81 & 0x00000001) == 0 || ( *_t111 & 0x00000001) != 0) {
											if(( *_t81 & 0x00000002) == 0 || ( *_t111 & 0x00000002) != 0) {
												_t123 = 1;
											}
										}
									}
									_t80 = _t123;
								} else {
									_t59 = _t97 + 8; // 0x6e
									_t82 = _t59;
									while(1) {
										_t98 =  *_t101;
										if(_t98 !=  *_t82) {
											break;
										}
										if(_t98 == 0) {
											L29:
											_t83 = _t123;
										} else {
											_t99 =  *((intOrPtr*)(_t101 + 1));
											if(_t99 !=  *((intOrPtr*)(_t82 + 1))) {
												break;
											} else {
												_t101 = _t101 + 2;
												_t82 = _t82 + 2;
												if(_t99 != 0) {
													continue;
												} else {
													goto L29;
												}
											}
										}
										L31:
										if(_t83 == 0) {
											goto L33;
										} else {
											_t80 = 0;
										}
										goto L42;
									}
									asm("sbb eax, eax");
									_t83 = _t82 | 0x00000001;
									goto L31;
								}
							} else {
								goto L41;
							}
						}
					}
					L42:
					return _t80;
				}
			}















































                                                      0x008e4171
                                                      0x008e4171
                                                      0x008e4178
                                                      0x008e4181
                                                      0x008e42a0
                                                      0x008e4187
                                                      0x008e4187
                                                      0x008e4188
                                                      0x008e4189
                                                      0x008e4193
                                                      0x008e4196
                                                      0x008e419c
                                                      0x008e41a6
                                                      0x008e41cb
                                                      0x008e41d0
                                                      0x008e41d5
                                                      0x008e429c
                                                      0x00000000
                                                      0x008e429d
                                                      0x008e41d5
                                                      0x008e41a6
                                                      0x008e41db
                                                      0x008e41de
                                                      0x008e41e1
                                                      0x008e41e7
                                                      0x008e41ed
                                                      0x008e41ff
                                                      0x008e4204
                                                      0x008e4207
                                                      0x008e420a
                                                      0x008e420d
                                                      0x008e4210
                                                      0x008e4216
                                                      0x008e421c
                                                      0x008e421f
                                                      0x008e4222
                                                      0x008e4231
                                                      0x008e4232
                                                      0x008e4232
                                                      0x008e4237
                                                      0x008e424a
                                                      0x008e424c
                                                      0x008e4251
                                                      0x008e425c
                                                      0x008e425e
                                                      0x008e4260
                                                      0x008e427c
                                                      0x008e4281
                                                      0x008e4284
                                                      0x008e4284
                                                      0x008e425c
                                                      0x008e4251
                                                      0x008e428a
                                                      0x008e428b
                                                      0x008e428e
                                                      0x008e4291
                                                      0x008e4294
                                                      0x008e4297
                                                      0x008e4222
                                                      0x00000000
                                                      0x008e4216
                                                      0x008e42a1
                                                      0x008e42a6
                                                      0x008e42aa
                                                      0x008e42ad
                                                      0x008e42ae
                                                      0x008e42af
                                                      0x008e42b0
                                                      0x008e42b5
                                                      0x008e432d
                                                      0x008e432f
                                                      0x008e42b7
                                                      0x008e42b7
                                                      0x008e42bd
                                                      0x00000000
                                                      0x008e42bf
                                                      0x008e42c2
                                                      0x008e42c5
                                                      0x008e42cc
                                                      0x008e42cf
                                                      0x008e42d3
                                                      0x008e4305
                                                      0x008e4308
                                                      0x008e430f
                                                      0x008e4315
                                                      0x008e431f
                                                      0x008e4328
                                                      0x008e4328
                                                      0x008e431f
                                                      0x008e4315
                                                      0x008e4329
                                                      0x008e42d5
                                                      0x008e42d5
                                                      0x008e42d5
                                                      0x008e42d8
                                                      0x008e42d8
                                                      0x008e42dc
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42e0
                                                      0x008e42f4
                                                      0x008e42f4
                                                      0x008e42e2
                                                      0x008e42e2
                                                      0x008e42e8
                                                      0x00000000
                                                      0x008e42ea
                                                      0x008e42ea
                                                      0x008e42ed
                                                      0x008e42f2
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42f2
                                                      0x008e42e8
                                                      0x008e42fd
                                                      0x008e42ff
                                                      0x00000000
                                                      0x008e4301
                                                      0x008e4301
                                                      0x008e4301
                                                      0x00000000
                                                      0x008e42ff
                                                      0x008e42f8
                                                      0x008e42fa
                                                      0x00000000
                                                      0x008e42fa
                                                      0x00000000
                                                      0x00000000
                                                      0x00000000
                                                      0x008e42c5
                                                      0x008e42bd
                                                      0x008e4330
                                                      0x008e4334
                                                      0x008e4334

                                                      APIs
                                                      • EncodePointer.KERNEL32(00000000,?,00000000,1FFFFFFF), ref: 008E4196
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000002.00000002.1041173643.00000000008E1000.00000020.00020000.sdmp, Offset: 008E0000, based on PE: true
                                                      • Associated: 00000002.00000002.1041158424.00000000008E0000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041196965.00000000008EF000.00000002.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041222909.0000000000901000.00000004.00020000.sdmp Download File
                                                      • Associated: 00000002.00000002.1041231301.0000000000903000.00000002.00020000.sdmp Download File
                                                      Similarity
                                                      • API ID: EncodePointer
                                                      • String ID: MOC$RCC
                                                      • API String ID: 2118026453-2084237596
                                                      • Opcode ID: 098a60b7e2c47a16741c055992f9d5e09b49f6d5ad1b0ec324d3824f5b707cd9
                                                      • Instruction ID: abe8ceecec3ce74782555157ecb379fce59d3d1072a46b6525db70a9fd3a949c
                                                      • Opcode Fuzzy Hash: 098a60b7e2c47a16741c055992f9d5e09b49f6d5ad1b0ec324d3824f5b707cd9
                                                      • Instruction Fuzzy Hash: 80417B71900289AFCF15DF99CC81AEEBBB5FF49300F189159FA08A7261D3359E60DB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%